ZwSetSecurityObject - Impersonation and credentials

Hi,

I’m having a problem in my mini filter when setting the administrator
as owner using ZwSetSecurityObject on a file (locally) created in the
same thread by my mini filter.

I have set all necessary privileges (SE_BACKUP_PRIVILEGE,
SE_RESTORE_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE) and all necessary
flags set in FltCreateFile.

Sometimes (very seldom), this fails with STATUS_INVALID_OWNER (even
though the owner is perfectly correct). However, if I post to a system
worker queue and reissue the call, it goes through with no error.

I’ve been told that the reason for this is that I’m in an
impersonation thread that doesn’t have sufficient credentials.

Further I’ve been told that even with restore privilege, calling from
kernel mode, it still depends upon the impersonation token in the
thread context.

Is there a way for me to figure out when I need to post the
ZwSetSecurityObject to a system worker? Of course, I can check if it
returns with STATUS_INVALID_OWNER and post in case of error, but it
would be very for me if I can figure out that I’m in a thread without
the sufficient credentials and post before the error has occured.

// Lars

You might use IoIsSystemThread() to determine if you have sufficient
credentials.

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
Sent: Thursday, August 11, 2005 9:01 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] ZwSetSecurityObject - Impersonation and credentials

Hi,

I’m having a problem in my mini filter when setting the administrator
as owner using ZwSetSecurityObject on a file (locally) created in the
same thread by my mini filter.

I have set all necessary privileges (SE_BACKUP_PRIVILEGE,
SE_RESTORE_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE) and all necessary
flags set in FltCreateFile.

Sometimes (very seldom), this fails with STATUS_INVALID_OWNER (even
though the owner is perfectly correct). However, if I post to a system
worker queue and reissue the call, it goes through with no error.

I’ve been told that the reason for this is that I’m in an
impersonation thread that doesn’t have sufficient credentials.

Further I’ve been told that even with restore privilege, calling from
kernel mode, it still depends upon the impersonation token in the
thread context.

Is there a way for me to figure out when I need to post the
ZwSetSecurityObject to a system worker? Of course, I can check if it
returns with STATUS_INVALID_OWNER and post in case of error, but it
would be very for me if I can figure out that I’m in a thread without
the sufficient credentials and post before the error has occured.

// Lars


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi Ken,

Thanks for the advice. This works in most cases, yes. But it doesn’t
solve the problem on XP SP2 during start up and the load of the
registry hives and creation of the registry hives log files.

In this case I’m in the following thread when I need to create the
file and set the administrator as owner:

THREAD 89cf25f0 Cid 0004.027c Teb: 00000000 Win32Thread: 00000000
RUNNING on processor 1
IRP List:
89d1ae48: (0006,01b4) Flags: 00000830 Mdl: 00000000
Not impersonating
DeviceMap e10021a0
Owning Process 8a480830 Image: System
Wait Start TickCount 646 Ticks: 2 (0:00:00:00.031)
Context Switch Count 38
UserTime 00:00:00.0000
KernelTime 00:00:00.0046
Start Address nt!CmpLoadHiveThread (0x8094e1ac)
Stack Init ba57b000 Current ba57a174 Base ba57b000 Limit ba578000 Call
0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16

The call stack before my driver is:

fltMgr!FltpPerformPreCallbacks+0x2d4 (FPO: [Non-Fpo])
fltMgr!FltpPassThroughInternal+0x32 (FPO: [Non-Fpo])
fltMgr!FltpPassThrough+0x1df (FPO: [Non-Fpo])
fltMgr!FltpFsControl+0xbb (FPO: [Non-Fpo])
nt!IopfCallDriver+0x31 (FPO: [0,0,0])
nt!IopSynchronousServiceTail+0x60 (FPO: [Non-Fpo])
nt!IopXxxControlFile+0x5c5 (FPO: [Non-Fpo])
nt!NtFsControlFile+0x2a (FPO: [Non-Fpo])
nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ ba57aab4)
nt!ZwFsControlFile+0x11 (FPO: [10,0,0])
nt!CmpOpenHiveFiles+0x1c9 (FPO: [Non-Fpo])
nt!CmpInitHiveFromFile+0x12a (FPO: [Non-Fpo])
nt!CmpLoadHiveThread+0x19f (FPO: [Non-Fpo])
nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo])
nt!KiThreadStartup+0x16

In this thread, the IoIsSystemThread() returns TRUE and
ZwSetSecurityObject still fails with STATUS_INVALID_OWNER. Posting to
a worker thread solves this error.

Is there a way to tell it will fail in this case as well?

// Lars

On Thu, 11 Aug 2005 09:11:37 -0400, “Ken Cross”
wrote:

>You might use IoIsSystemThread() to determine if you have sufficient
>credentials.
>
>Ken
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
>Sent: Thursday, August 11, 2005 9:01 AM
>To: Windows File Systems Devs Interest List
>Subject: [ntfsd] ZwSetSecurityObject - Impersonation and credentials
>
>Hi,
>
>I’m having a problem in my mini filter when setting the administrator
>as owner using ZwSetSecurityObject on a file (locally) created in the
>same thread by my mini filter.
>
>I have set all necessary privileges (SE_BACKUP_PRIVILEGE,
>SE_RESTORE_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE) and all necessary
>flags set in FltCreateFile.
>
>Sometimes (very seldom), this fails with STATUS_INVALID_OWNER (even
>though the owner is perfectly correct). However, if I post to a system
>worker queue and reissue the call, it goes through with no error.
>
>I’ve been told that the reason for this is that I’m in an
>impersonation thread that doesn’t have sufficient credentials.
>
>Further I’ve been told that even with restore privilege, calling from
>kernel mode, it still depends upon the impersonation token in the
>thread context.
>
>Is there a way for me to figure out when I need to post the
>ZwSetSecurityObject to a system worker? Of course, I can check if it
>returns with STATUS_INVALID_OWNER and post in case of error, but it
>would be very for me if I can figure out that I’m in a thread without
>the sufficient credentials and post before the error has occured.
>
>// Lars
>
>—
>Questions? First check the IFS FAQ at
>https://www.osronline.com/article.cfm?id=17
>
>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Lars:

You may be reaching the point of diminishing returns.

If you’re only talking about conditions during startup, why fool with it?
Why not just go ahead and try it and post the thread if it fails (or don’t
try it and just *always* post the thread)?

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
Sent: Thursday, August 11, 2005 10:20 AM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] ZwSetSecurityObject - Impersonation and credentials

Hi Ken,

Thanks for the advice. This works in most cases, yes. But it doesn’t
solve the problem on XP SP2 during start up and the load of the
registry hives and creation of the registry hives log files.

In this case I’m in the following thread when I need to create the
file and set the administrator as owner:

THREAD 89cf25f0 Cid 0004.027c Teb: 00000000 Win32Thread: 00000000
RUNNING on processor 1
IRP List:
89d1ae48: (0006,01b4) Flags: 00000830 Mdl: 00000000
Not impersonating
DeviceMap e10021a0
Owning Process 8a480830 Image: System
Wait Start TickCount 646 Ticks: 2 (0:00:00:00.031)
Context Switch Count 38
UserTime 00:00:00.0000
KernelTime 00:00:00.0046
Start Address nt!CmpLoadHiveThread (0x8094e1ac)
Stack Init ba57b000 Current ba57a174 Base ba57b000 Limit ba578000 Call
0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16

The call stack before my driver is:

fltMgr!FltpPerformPreCallbacks+0x2d4 (FPO: [Non-Fpo])
fltMgr!FltpPassThroughInternal+0x32 (FPO: [Non-Fpo])
fltMgr!FltpPassThrough+0x1df (FPO: [Non-Fpo])
fltMgr!FltpFsControl+0xbb (FPO: [Non-Fpo])
nt!IopfCallDriver+0x31 (FPO: [0,0,0])
nt!IopSynchronousServiceTail+0x60 (FPO: [Non-Fpo])
nt!IopXxxControlFile+0x5c5 (FPO: [Non-Fpo])
nt!NtFsControlFile+0x2a (FPO: [Non-Fpo])
nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ ba57aab4)
nt!ZwFsControlFile+0x11 (FPO: [10,0,0])
nt!CmpOpenHiveFiles+0x1c9 (FPO: [Non-Fpo])
nt!CmpInitHiveFromFile+0x12a (FPO: [Non-Fpo])
nt!CmpLoadHiveThread+0x19f (FPO: [Non-Fpo])
nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo])
nt!KiThreadStartup+0x16

In this thread, the IoIsSystemThread() returns TRUE and
ZwSetSecurityObject still fails with STATUS_INVALID_OWNER. Posting to
a worker thread solves this error.

Is there a way to tell it will fail in this case as well?

// Lars

On Thu, 11 Aug 2005 09:11:37 -0400, “Ken Cross”
wrote:

>You might use IoIsSystemThread() to determine if you have sufficient
>credentials.
>
>Ken
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
>Sent: Thursday, August 11, 2005 9:01 AM
>To: Windows File Systems Devs Interest List
>Subject: [ntfsd] ZwSetSecurityObject - Impersonation and credentials
>
>Hi,
>
>I’m having a problem in my mini filter when setting the administrator
>as owner using ZwSetSecurityObject on a file (locally) created in the
>same thread by my mini filter.
>
>I have set all necessary privileges (SE_BACKUP_PRIVILEGE,
>SE_RESTORE_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE) and all necessary
>flags set in FltCreateFile.
>
>Sometimes (very seldom), this fails with STATUS_INVALID_OWNER (even
>though the owner is perfectly correct). However, if I post to a system
>worker queue and reissue the call, it goes through with no error.
>
>I’ve been told that the reason for this is that I’m in an
>impersonation thread that doesn’t have sufficient credentials.
>
>Further I’ve been told that even with restore privilege, calling from
>kernel mode, it still depends upon the impersonation token in the
>thread context.
>
>Is there a way for me to figure out when I need to post the
>ZwSetSecurityObject to a system worker? Of course, I can check if it
>returns with STATUS_INVALID_OWNER and post in case of error, but it
>would be very for me if I can figure out that I’m in a thread without
>the sufficient credentials and post before the error has occured.
>
>// Lars
>
>—
>Questions? First check the IFS FAQ at
>https://www.osronline.com/article.cfm?id=17
>
>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

Ken,

Yeah, startup is the only case I’ve found so far (but this is an
important part for my driver). But I guess it can occur in other
situations as well?

I would like to reduce the the number of context switches (which will
be a lot if always posting), and it isn’t very straight forward to
have to run through a routine twice in order to know if it’s a real
error or not. That’s why I asked the question.

// Lars

On Thu, 11 Aug 2005 10:30:45 -0400, “Ken Cross”
wrote:

>Lars:
>
>You may be reaching the point of diminishing returns.
>
>If you’re only talking about conditions during startup, why fool with it?
>Why not just go ahead and try it and post the thread if it fails (or don’t
>try it and just always post the thread)?
>
>Ken
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
>Sent: Thursday, August 11, 2005 10:20 AM
>To: Windows File Systems Devs Interest List
>Subject: Re:[ntfsd] ZwSetSecurityObject - Impersonation and credentials
>
>Hi Ken,
>
>Thanks for the advice. This works in most cases, yes. But it doesn’t
>solve the problem on XP SP2 during start up and the load of the
>registry hives and creation of the registry hives log files.
>
>In this case I’m in the following thread when I need to create the
>file and set the administrator as owner:
>
>THREAD 89cf25f0 Cid 0004.027c Teb: 00000000 Win32Thread: 00000000
>RUNNING on processor 1
>IRP List:
> 89d1ae48: (0006,01b4) Flags: 00000830 Mdl: 00000000
>Not impersonating
>DeviceMap e10021a0
>Owning Process 8a480830 Image: System
>Wait Start TickCount 646 Ticks: 2 (0:00:00:00.031)
>Context Switch Count 38
>UserTime 00:00:00.0000
>KernelTime 00:00:00.0046
>Start Address nt!CmpLoadHiveThread (0x8094e1ac)
>Stack Init ba57b000 Current ba57a174 Base ba57b000 Limit ba578000 Call
>0
>Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16
>
>The call stack before my driver is:
>
>fltMgr!FltpPerformPreCallbacks+0x2d4 (FPO: [Non-Fpo])
>fltMgr!FltpPassThroughInternal+0x32 (FPO: [Non-Fpo])
>fltMgr!FltpPassThrough+0x1df (FPO: [Non-Fpo])
>fltMgr!FltpFsControl+0xbb (FPO: [Non-Fpo])
>nt!IopfCallDriver+0x31 (FPO: [0,0,0])
>nt!IopSynchronousServiceTail+0x60 (FPO: [Non-Fpo])
>nt!IopXxxControlFile+0x5c5 (FPO: [Non-Fpo])
>nt!NtFsControlFile+0x2a (FPO: [Non-Fpo])
>nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ ba57aab4)
>nt!ZwFsControlFile+0x11 (FPO: [10,0,0])
>nt!CmpOpenHiveFiles+0x1c9 (FPO: [Non-Fpo])
>nt!CmpInitHiveFromFile+0x12a (FPO: [Non-Fpo])
>nt!CmpLoadHiveThread+0x19f (FPO: [Non-Fpo])
>nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo])
>nt!KiThreadStartup+0x16
>
>In this thread, the IoIsSystemThread() returns TRUE and
>ZwSetSecurityObject still fails with STATUS_INVALID_OWNER. Posting to
>a worker thread solves this error.
>
>Is there a way to tell it will fail in this case as well?
>
>// Lars
>
>
>
>On Thu, 11 Aug 2005 09:11:37 -0400, “Ken Cross”
>wrote:
>
>>You might use IoIsSystemThread() to determine if you have sufficient
>>credentials.
>>
>>Ken
>>
>>
>>-----Original Message-----
>>From: xxxxx@lists.osr.com
>>[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
>>Sent: Thursday, August 11, 2005 9:01 AM
>>To: Windows File Systems Devs Interest List
>>Subject: [ntfsd] ZwSetSecurityObject - Impersonation and credentials
>>
>>Hi,
>>
>>I’m having a problem in my mini filter when setting the administrator
>>as owner using ZwSetSecurityObject on a file (locally) created in the
>>same thread by my mini filter.
>>
>>I have set all necessary privileges (SE_BACKUP_PRIVILEGE,
>>SE_RESTORE_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE) and all necessary
>>flags set in FltCreateFile.
>>
>>Sometimes (very seldom), this fails with STATUS_INVALID_OWNER (even
>>though the owner is perfectly correct). However, if I post to a system
>>worker queue and reissue the call, it goes through with no error.
>>
>>I’ve been told that the reason for this is that I’m in an
>>impersonation thread that doesn’t have sufficient credentials.
>>
>>Further I’ve been told that even with restore privilege, calling from
>>kernel mode, it still depends upon the impersonation token in the
>>thread context.
>>
>>Is there a way for me to figure out when I need to post the
>>ZwSetSecurityObject to a system worker? Of course, I can check if it
>>returns with STATUS_INVALID_OWNER and post in case of error, but it
>>would be very for me if I can figure out that I’m in a thread without
>>the sufficient credentials and post before the error has occured.
>>
>>// Lars
>>
>>—
>>Questions? First check the IFS FAQ at
>>https://www.osronline.com/article.cfm?id=17
>>
>>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>>To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>—
>Questions? First check the IFS FAQ at
>https://www.osronline.com/article.cfm?id=17
>
>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Well, keep in mind that a context switch (or almost any other in-memory
operation) is pretty insignificant compared to actual disk I/O. Hence the
point of diminishing returns.

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
Sent: Thursday, August 11, 2005 11:12 AM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] ZwSetSecurityObject - Impersonation and credentials

Ken,

Yeah, startup is the only case I’ve found so far (but this is an
important part for my driver). But I guess it can occur in other
situations as well?

I would like to reduce the the number of context switches (which will
be a lot if always posting), and it isn’t very straight forward to
have to run through a routine twice in order to know if it’s a real
error or not. That’s why I asked the question.

// Lars

On Thu, 11 Aug 2005 10:30:45 -0400, “Ken Cross”
wrote:

>Lars:
>
>You may be reaching the point of diminishing returns.
>
>If you’re only talking about conditions during startup, why fool with it?
>Why not just go ahead and try it and post the thread if it fails (or don’t
>try it and just always post the thread)?
>
>Ken
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
>Sent: Thursday, August 11, 2005 10:20 AM
>To: Windows File Systems Devs Interest List
>Subject: Re:[ntfsd] ZwSetSecurityObject - Impersonation and credentials
>
>Hi Ken,
>
>Thanks for the advice. This works in most cases, yes. But it doesn’t
>solve the problem on XP SP2 during start up and the load of the
>registry hives and creation of the registry hives log files.
>
>In this case I’m in the following thread when I need to create the
>file and set the administrator as owner:
>
>THREAD 89cf25f0 Cid 0004.027c Teb: 00000000 Win32Thread: 00000000
>RUNNING on processor 1
>IRP List:
> 89d1ae48: (0006,01b4) Flags: 00000830 Mdl: 00000000
>Not impersonating
>DeviceMap e10021a0
>Owning Process 8a480830 Image: System
>Wait Start TickCount 646 Ticks: 2 (0:00:00:00.031)
>Context Switch Count 38
>UserTime 00:00:00.0000
>KernelTime 00:00:00.0046
>Start Address nt!CmpLoadHiveThread (0x8094e1ac)
>Stack Init ba57b000 Current ba57a174 Base ba57b000 Limit ba578000 Call
>0
>Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16
>
>The call stack before my driver is:
>
>fltMgr!FltpPerformPreCallbacks+0x2d4 (FPO: [Non-Fpo])
>fltMgr!FltpPassThroughInternal+0x32 (FPO: [Non-Fpo])
>fltMgr!FltpPassThrough+0x1df (FPO: [Non-Fpo])
>fltMgr!FltpFsControl+0xbb (FPO: [Non-Fpo])
>nt!IopfCallDriver+0x31 (FPO: [0,0,0])
>nt!IopSynchronousServiceTail+0x60 (FPO: [Non-Fpo])
>nt!IopXxxControlFile+0x5c5 (FPO: [Non-Fpo])
>nt!NtFsControlFile+0x2a (FPO: [Non-Fpo])
>nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ ba57aab4)
>nt!ZwFsControlFile+0x11 (FPO: [10,0,0])
>nt!CmpOpenHiveFiles+0x1c9 (FPO: [Non-Fpo])
>nt!CmpInitHiveFromFile+0x12a (FPO: [Non-Fpo])
>nt!CmpLoadHiveThread+0x19f (FPO: [Non-Fpo])
>nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo])
>nt!KiThreadStartup+0x16
>
>In this thread, the IoIsSystemThread() returns TRUE and
>ZwSetSecurityObject still fails with STATUS_INVALID_OWNER. Posting to
>a worker thread solves this error.
>
>Is there a way to tell it will fail in this case as well?
>
>// Lars
>
>
>
>On Thu, 11 Aug 2005 09:11:37 -0400, “Ken Cross”
>wrote:
>
>>You might use IoIsSystemThread() to determine if you have sufficient
>>credentials.
>>
>>Ken
>>
>>
>>-----Original Message-----
>>From: xxxxx@lists.osr.com
>>[mailto:xxxxx@lists.osr.com] On Behalf Of Lars Karlsson
>>Sent: Thursday, August 11, 2005 9:01 AM
>>To: Windows File Systems Devs Interest List
>>Subject: [ntfsd] ZwSetSecurityObject - Impersonation and credentials
>>
>>Hi,
>>
>>I’m having a problem in my mini filter when setting the administrator
>>as owner using ZwSetSecurityObject on a file (locally) created in the
>>same thread by my mini filter.
>>
>>I have set all necessary privileges (SE_BACKUP_PRIVILEGE,
>>SE_RESTORE_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE) and all necessary
>>flags set in FltCreateFile.
>>
>>Sometimes (very seldom), this fails with STATUS_INVALID_OWNER (even
>>though the owner is perfectly correct). However, if I post to a system
>>worker queue and reissue the call, it goes through with no error.
>>
>>I’ve been told that the reason for this is that I’m in an
>>impersonation thread that doesn’t have sufficient credentials.
>>
>>Further I’ve been told that even with restore privilege, calling from
>>kernel mode, it still depends upon the impersonation token in the
>>thread context.
>>
>>Is there a way for me to figure out when I need to post the
>>ZwSetSecurityObject to a system worker? Of course, I can check if it
>>returns with STATUS_INVALID_OWNER and post in case of error, but it
>>would be very for me if I can figure out that I’m in a thread without
>>the sufficient credentials and post before the error has occured.
>>
>>// Lars
>>
>>—
>>Questions? First check the IFS FAQ at
>>https://www.osronline.com/article.cfm?id=17
>>
>>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>>To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>—
>Questions? First check the IFS FAQ at
>https://www.osronline.com/article.cfm?id=17
>
>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com