Vitaliy Margolen wrote:
- /* set process security */
- if (ret && psa && psa->lpSecurityDescriptor)
- {
NTSTATUS status;status = NtSetSecurityObject( info->hProcess, DACL_SECURITY_INFORMATION,psa->lpSecurityDescriptor );ret = status == STATUS_SUCCESS;if (!ret) SetLastError( RtlNtStatusToDosError( status ) );- }
It would be better to pass the security descriptor (or just the DACL if you would prefer) in the new_process call. You should be able to change the security structure validation functions to return the number of bytes used. Therefore, you should be able to put the security data before the other variable data in the new_process call.
Also, I think several tests in advapi32 should succeed after this patch is applied so you will need to patch that too.
Robert Shearman wrote:
Vitaliy Margolen wrote:
- /* set process security */
- if (ret && psa && psa->lpSecurityDescriptor)
- {
NTSTATUS status;status = NtSetSecurityObject( info->hProcess,DACL_SECURITY_INFORMATION,
psa->lpSecurityDescriptor );ret = status == STATUS_SUCCESS;if (!ret) SetLastError( RtlNtStatusToDosError( status ) );- }
It would be better to pass the security descriptor (or just the DACL if you would prefer) in the new_process call. You should be able to change the security structure validation functions to return the number of bytes used. Therefore, you should be able to put the security data before the other variable data in the new_process call.
I've discussed this with Alexandre on IRC and we agreed on using NtSetSecurityObject instead. The problem is we need to send all parts of the SD (as it's need to be validated) and one more SD (for thread). The total number of data would be more then maximum of 5.
Also, I think several tests in advapi32 should succeed after this patch is applied so you will need to patch that too.
Yes thank you. I totally forgot about that.
Vitaliy.
-
Robert Shearman -
Vitaliy Margolen