Hi everyone!
I’m observing a strange behavior when a file opened with
DesiredAccess=FILE_READ_DATA can be written. I use ZwCreateFile
to open the handle and ZwWriteFile to write to it. So, ZwWriteFile
returns with STATUS_SUCCESS and I can see data written to the file
although I have it opened with FILE_READ_DATA.
Does anyone have comments on that?
TIA,
Vladimir
This is normal operation for the VM system. The Memory Manager uses ONE
file object to back the section (which is used by the cache and any memory
mapping application for the file) and all paging I/O operations are done
against that one file object.
Another way this can happen is if a kernel mode component decides to perform
I/O using a file object. The fact that the user handle was granted with
FILE_READ_DATA access doesn’t make any difference to a kernel component
since the access check is done within the I/O manager (e.g., NtWriteFile)
and that doesn’t have anything to do with a driver that builds its own write
IRP.
In the first case, you’d see the IRP_PAGING_IO bit set in the IRP. In the
latter you would not. Both can (and do) occur and are normal behavior for
the OS.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http: http://www.osr.com
Hope to see you at the next OSR file systems class October 7, 2002!
-----Original Message-----
From: Chtchetkine, Vladimir [mailto:xxxxx@starbase.com]
Sent: Wednesday, April 10, 2002 9:34 AM
To: File Systems Developers
Subject: [ntfsd] Writing to a file opened with FILE_READ_DATA
Hi everyone!
I’m observing a strange behavior when a file opened with
DesiredAccess=FILE_READ_DATA can be written. I use ZwCreateFile
to open the handle and ZwWriteFile to write to it. So, ZwWriteFile
returns with STATUS_SUCCESS and I can see data written to the file
although I have it opened with FILE_READ_DATA.
Does anyone have comments on that?
TIA,
Vladimir
—
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to %%email.unsub%%</http:>