From: Pierre Schweitzer Date: Sat, 27 Oct 2018 09:48:52 +0000 (+0200) Subject: [NTOSKRNL] Add support for unsecure object names X-Git-Tag: 0.4.12-dev~417 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=9c6037182c86165a35e8dbc07fac2d9a9892a258 [NTOSKRNL] Add support for unsecure object names --- diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c index 5177cc12248..a9d05c8137e 100644 --- a/ntoskrnl/ob/obname.c +++ b/ntoskrnl/ob/obname.c @@ -814,11 +814,27 @@ ParseFromRoot: /* Get the object header */ ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject); - /* FIXME: Check if this is a Section Object or Sym Link */ - /* FIXME: If it is, then check if this isn't session 0 */ - /* FIXME: If it isn't, check for SeCreateGlobalPrivilege */ - /* FIXME: If privilege isn't there, check for unsecure name */ - /* FIXME: If it isn't a known unsecure name, then fail */ + /* + * Deny object creation if: + * That's a section object or a symbolic link + * Which isn't in the same section that root directory + * That doesn't have the SeCreateGlobalPrivilege + * And that is not a known unsecure name + */ + if (RootDirectory->SessionId != -1) + { + if (ObjectHeader->Type == MmSectionObjectType || + ObjectHeader->Type == ObpSymbolicLinkObjectType) + { + if (RootDirectory->SessionId != PsGetCurrentProcessSessionId() && + !SeSinglePrivilegeCheck(SeCreateGlobalPrivilege, AccessCheckMode) && + !ObpIsUnsecureName(&ComponentName, BooleanFlagOn(Attributes, OBJ_CASE_INSENSITIVE))) + { + Status = STATUS_ACCESS_DENIED; + break; + } + } + } /* Create Object Name */ NewName = ExAllocatePoolWithTag(PagedPool,