Robert Shearman wrote:
Vitaliy Margolen wrote:
After checking the object's SD against the token we fail some tests. It seems to me that someone tried to "optimize" this part in Windows and instead created a security problem.
If you already have a valid handle to the object, then it isn't really a security problem to have another one with the same access rights.
Actually that's a pseudo-handle from GetCurrentProcess(), which can be duplicated into, say, a global handle with maximum access. So when an app creates a process and sets any access restrictions on it, it's all useless for the process itself - as it can always gain 100% access to itself, and give that 100% access to anyone who wants.
Vitaliy.