[PATCH 3/3] server: Check object's security when creating
handles.
Robert Shearman
rob at codeweavers.com
Tue Feb 20 07:35:36 CST 2007
Vitaliy Margolen wrote:
> After
> checking object's SD against token we fail some tests.
> What it seems to me is that some one tried to "optimize" this part in
> windows and instead created a security problem.
If you already have a valid handle to the object, then it isn't really a
security problem to have another one with the same access rights.
> @@ -450,25 +453,34 @@ obj_handle_t duplicate_handle( struct pr
> unsigned int access, unsigned int attr, unsigned int options )
> {
> obj_handle_t res;
> + struct handle_entry *entry;
> + unsigned int src_access, dst_access;
> struct object *obj = get_handle_obj( src, src_handle, 0, NULL );
>
> if (!obj) return 0;
> - if (options & DUP_HANDLE_SAME_ACCESS)
> + if ((entry = get_handle( src, src_handle )))
> + src_access = entry->access;
> + else /* pseudo-handle, give it full access */
> {
> - struct handle_entry *entry = get_handle( src, src_handle );
> - if (entry)
> - access = entry->access;
> - else /* pseudo-handle, give it full access */
> - {
> - access = obj->ops->map_access( obj, GENERIC_ALL );
> - clear_error();
> - }
> + src_access = obj->ops->map_access( obj, GENERIC_ALL );
> + clear_error();
> }
> - access &= ~RESERVED_ALL;
> + src_access &= ~RESERVED_ALL;
> +
> + if (options & DUP_HANDLE_SAME_ACCESS)
> + dst_access = src_access;
> + else
> + dst_access = obj->ops->map_access( obj, access ) & ~RESERVED_ALL;
> +
> + /* asking for more or the same/less access rights */
> + access = ~src_access & dst_access ? dst_access : 0;
> +
> if (options & DUP_HANDLE_MAKE_GLOBAL)
> res = alloc_global_handle( obj, access );
> else
> res = alloc_handle( dst, obj, access, attr );
> + if (res) get_handle( dst, res )->access = dst_access;
> +
>
It would seem better to add an extra parameter to alloc_handle and
alloc_global_handle to tell them to not check access rather than adding
this hack. It should use less processor time and it should make patch 2
not necessary.
--
Rob Shearman
More information about the wine-devel
mailing list