EldoS | Feel safer!

Urgent, please reply soon!

Posted: 05/21/2008 13:47:21
by Sid Schipper (Standard support level)
Joined: 03/14/2008
Posts: 285

I have done some further testing and things seem much better, but I'm still not completely running the way I used to.

Does the call to GetOriginatorToken work differently depending on which callback routine I am in?

The symptom that I am apparently seeing is that in the OnEnumerateDirectory callback the GetOriginatorToken routine works as I expect it, but in the OnGetFileInfo callback it returns to me the token that gives me the user "SYSTEM" and domain "NT AUTHORITY", which is not what I am expecting.

Am I misinterpreting something?

Posted: 05/21/2008 14:16:18
by Sid Schipper (Standard support level)
Joined: 03/14/2008
Posts: 285

I have implemented something that works, temporarily, but it is what in America we call a "Kludge", and it is less than satisfactory.

What I did was every time I get a security token that represents the user "SYSTEM" with domain "NT AUTHORITY", I call GetProcessToken to get the local user's token instead and I use that in all my Windows Security API calls. Unfortunately, that works, but I'm afraid that I am circumventing security by doing this and opening my system up to invalid access.

It would be better if the security token you are providing for me really represents the user that originated the callback, as it seems to do in the OnEnumerateDirectory callback, but not in the OnGetFileInfo callback.

Posted: 05/22/2008 07:27:57
by Volodymyr Zinin (Team)

I've corrected something. Please try the new driver that's attached to this message.
But IMO the security can be checked only in the OnCreate/OnOpen callbacks. If they return an error, then a program that tries to open some file can't do that (i.e. it doesn't obtain a handle to the file) and therefore it can't do any operations on it.
Also, some operations are often performed in the context of the system process. These operations are OnSetFileSizes, OnGetVolumeId, OnGetVolumeLabel, OnGetVolumeSize, OnReadFile, OnWriteFile. For example, if some file is opened as a memory-mapped section and someone writes to this section, then the write operation will be performed a little later by the "modified page writer" thread (which belongs to the system process). And in this case the only place where the security can be checked is the OnCreate/OnOpen callbacks.

[ Download ]
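
Added example, not part of the original thread and not EldoS code: a portable C model of the point made in the reply above, that access is decided once at open time and that later callbacks, which may run as SYSTEM, rely on the access recorded for the handle. All names (`on_open`, `on_write`, `on_write_recheck`, `handle_ctx_t`, the sample users and the ACL) are hypothetical and do not correspond to the Callback File System API.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model; none of these names are Callback File System API. */
enum { ACC_READ = 1, ACC_WRITE = 2 };

typedef struct { const char *user; } caller_t;     /* identity a callback sees */
typedef struct { unsigned granted; } handle_ctx_t; /* state kept per open handle */

/* Constructed ACL for one sample file. SYSTEM gets no special entry. */
static unsigned acl_lookup(const char *user) {
    if (strcmp(user, "alice") == 0) return ACC_READ | ACC_WRITE;
    if (strcmp(user, "bob") == 0)   return ACC_READ;
    return 0;
}

/* Open: decide once, against the real requester, and record the result. */
int on_open(const caller_t *c, unsigned desired, handle_ctx_t *h) {
    if ((desired & acl_lookup(c->user)) != desired) return -1; /* no handle */
    h->granted = desired;
    return 0;
}

/* Write: the caller may be SYSTEM (deferred page write), so consult the
   access recorded at open time and ignore the caller's identity. */
int on_write(const caller_t *c, const handle_ctx_t *h) {
    (void)c;
    return (h->granted & ACC_WRITE) ? 0 : -1;
}

/* For contrast: re-checking identity on every write rejects a legitimate
   deferred write, because the caller is no longer the user who opened. */
int on_write_recheck(const caller_t *c, const handle_ctx_t *h) {
    (void)h;
    return (acl_lookup(c->user) & ACC_WRITE) ? 0 : -1;
}

int main(void) {
    caller_t alice = {"alice"}, bob = {"bob"}, sys = {"SYSTEM"};
    handle_ctx_t h = {0};
    printf("alice open rw:        %d\n", on_open(&alice, ACC_READ | ACC_WRITE, &h));
    printf("deferred write:       %d\n", on_write(&sys, &h));
    printf("deferred, re-checked: %d\n", on_write_recheck(&sys, &h));
    printf("bob open for write:   %d\n", on_open(&bob, ACC_WRITE, &h));
    return 0;
}
```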

Posted: 05/22/2008 09:53:47
by Sid Schipper (Standard support level)
Joined: 03/14/2008
Posts: 285

The latest driver that you sent with the above message fixes all my problems. Please incorporate it in your next release. Thank you.

Posted: 05/22/2008 13:01:18
by Volodymyr Zinin (Team)

Yes. It will be added.

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.