EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Urgent, please reply soon!

#6347
Posted: 05/21/2008 13:47:21
by Sid Schipper (Standard support level)
Joined: 03/14/2008
Posts: 285

I have done some further testing and things seem much better, but I'm still not completely running the way I used to.

Does the call to GetOriginatorToken work differently depending on which callback routine I am in?

The symptom that I am apparently seeing is that in the OnEnumerateDirectory callback the GetOriginatorToken routine works as I expect it, but in the OnGetFileInfo callback it returns to me the token that gives me the user "SYSTEM" and domain "NT AUTHORITY", which is not what I am expecting.

Am I misinterpreting something?
#6348
Posted: 05/21/2008 14:16:18
by Sid Schipper (Standard support level)
Joined: 03/14/2008
Posts: 285

I have implemented something that works, temporarily, but it is what in America we call a "Kludge", and it is less than satisfactory.

What I did was every time I get a security token that represents the user "SYSTEM" with domain "NT AUTHORITY", I call GetProcessToken to get the local user's token instead and I use that in all my Windows Security API calls. Unfortunately, that works, but I'm afraid that I am circumventing security by doing this and opening my system up to invalid access.

It would be better if the security token you are providing for me really represents the user that originated the callback, as it seems to do in the OnEnumerateDirectory callback, but not in the OnGetFileInfo callback.
#6349
Posted: 05/22/2008 07:27:57
by Volodymyr Zinin (EldoS Corp.)

I've corrected something. Please try the new driver that's attached to this message.
But IMO the security can be checked only in the OnCreate/OnOpen callbacks. If they return an error, then a program that tries to open some file can't do that (i.e. it doesn't obtain a handle to the file) and therefore it can't do any operations on it.
Also, some operations are often performed in the context of the system process. These operations are OnSetFileSizes, OnGetVolumeId, OnGetVolumeLabel, OnGetVolumeSize, OnReadFile, OnWriteFile. For example, if some file is opened as a memory-mapped section and someone writes to this section, then the write operation will be performed a little later by the "modified page writer" thread (that belongs to the system process). And in this case the only place where the security can be checked is the OnCreate/OnOpen callbacks.


[ Download ]
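
The point made in the reply above, as an added example that is not part of the thread and does not use the Callback File System API: a portable C model in which every name (Token, HandleCtx, on_open, on_write, the ACL) is hypothetical and the data is constructed. Access is decided once at open, while the originator is the real caller, and recorded in the per-handle context; a later write that arrives as SYSTEM is judged by that context, not by its token.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a callback file system; not a real driver API. */
enum { ACC_READ = 1, ACC_WRITE = 2 };

typedef struct { const char *user; } Token;               /* stands in for an originator token */
typedef struct { const char *user; unsigned allowed; } AclEntry;
typedef struct { int open; unsigned granted; } HandleCtx; /* per-handle state set at open */

/* Constructed ACL for a single file. SYSTEM is deliberately absent. */
static const AclEntry file_acl[] = {
    { "alice", ACC_READ | ACC_WRITE },
    { "bob",   ACC_READ },
};

static unsigned acl_lookup(const Token *t) {
    for (size_t i = 0; i < sizeof file_acl / sizeof file_acl[0]; i++)
        if (strcmp(file_acl[i].user, t->user) == 0) return file_acl[i].allowed;
    return 0; /* not listed: no access */
}

/* Open: the originator is the real caller, so the access decision is made here. */
int on_open(const Token *originator, unsigned desired, HandleCtx *h) {
    unsigned allowed = acl_lookup(originator);
    h->open = 0; h->granted = 0;
    if ((desired & allowed) != desired) return -1; /* denied: caller gets no handle */
    h->open = 1; h->granted = desired;
    return 0;
}

/* Write: may run later in system context, so enforce the rights recorded at open. */
int on_write(const Token *originator, const HandleCtx *h) {
    (void)originator; /* may be SYSTEM for a deferred write; not used for the decision */
    return (h->open && (h->granted & ACC_WRITE)) ? 0 : -1;
}

/* Failure mode: re-checking the token at write time rejects a deferred write. */
int on_write_token_check(const Token *originator) {
    return (acl_lookup(originator) & ACC_WRITE) ? 0 : -1;
}

int main(void) {
    Token alice = { "alice" }, bob = { "bob" }, sys = { "SYSTEM" };
    HandleCtx ha, hb;
    printf("alice open rw: %d\n", on_open(&alice, ACC_READ | ACC_WRITE, &ha));
    printf("bob open rw:   %d\n", on_open(&bob, ACC_READ | ACC_WRITE, &hb));
    printf("deferred write on alice's handle, handle check: %d\n", on_write(&sys, &ha));
    printf("deferred write on alice's handle, token check:  %d\n", on_write_token_check(&sys));
    return 0;
}
```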
#6350
Posted: 05/22/2008 09:53:47
by Sid Schipper (Standard support level)
Joined: 03/14/2008
Posts: 285

The latest driver that you sent with the above message fixes all my problems. Please incorporate it in your next release. Thank you.
#6357
Posted: 05/22/2008 13:01:18
by Volodymyr Zinin (EldoS Corp.)

Yes. It will be added.


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
