EldoS | Feel safer!

Software components for data protection, secure storage and transfer

The SYNCHRONIZE access mask

Posted: 09/21/2015 15:22:39
by Henri Hein (Standard support level)
Joined: 02/13/2015
Posts: 14

I get CbFsOpenFileEvent calls with an access mask of just SYNCHRONIZE. That is, not mixed with other access requests. I don't know what to do with this, so I disabled it with these lines:
    if (SYNCHRONIZE == accessMask)
        throw ECBFSError(ERROR_NOT_SUPPORTED);

This seemed to work OK. However, I just discovered there is a use case with Explorer where this breaks. Is it safe to allow this open to go through? I don't see any callbacks for wait-specific events and there is nothing in our logic that really support using our nodes just for synchronization. So I wonder if this is handled at levels above the callbacks.

Henri Hein
Thin Air Labs, Inc
Posted: 09/22/2015 03:57:06
by Volodymyr Zinin (Team)

As I remember SYNCHRONIZE is needed to check whether the operation on the handle has been finished or not. I.e. the handle turns to the signaled state when any I/O operation with this handle has been finished.
In the case SYNCHRONIZE is the only access right then it seems it isn't allowed to perform any operations with this handle. I.e. any attempt to perform operation (read, write, etc) causes the system to immediately finish it with the "access denied" error. Although some kernel mode code (e.g. some antivirus driver) can open a file even with zero access rights and then manually generate "read", "write", or another request and send it to the file system driver. In such case for CBFS you will still get the OnRead, OnWrite, etc callbacks even with the zero access rights handle. It is usual practice for kernel mode components and it works also with NTFS, FATFS.

Is it safe to allow this open to go through?

I think it is safe. In any case if you prohibit it then at least Explorer will start to work incorrectly (as you reported above).



Topic viewed 3058 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!