So to be clear, while the kernel still has tons of incompatible code and
issues to barely run as a Win2003-compatible kernel, whenever there's an NT
design decision you disagree with, you're going to be rewriting the little
bit of code that _does work well_ to work contrary to how NT works? Did I
get that right?

Good luck.

Best regards,
Alex Ionescu

On Mon, Apr 2, 2018 at 6:48 AM, Hermès BÉLUSCA-MAÏTO <hermes.belu...@sfr.fr>
wrote:

> Yes, to only allow programs that REALLY REALLY REALLY REALLY ….. need to
> do so to trigger the hard-error “shutdown” BSOD from user-mode to do so,
> and these programs would better be only those that run only in SYSTEM
> rights, and more exactly these include CSRSS, WINLOGON and SMSS when
> something very bad happens to them.
>
> I would not appreciate, for example, that when I run a program under a
> not-so privileged account (like, some random user account) that has just
> the shutdown privilege to shut the computer down properly, that this
> program suddenly “BSODS” my machine.
>
> To these programs, I say “f$ck these!”
>
>
>
> Regards,
>
> Hermès
>
>
>
> *From:* Ros-dev [mailto:ros-dev-boun...@reactos.org] *On Behalf Of* Alex
> Ionescu
> *Sent:* Monday, April 2, 2018 04:20
> *To:* ReactOS Development List; Hermès Bélusca-Maïto
> *Cc:* Linda Wang
> *Subject:* Re: [ros-dev] [ros-diffs] 02/08: [NTOSKRNL] Forbid processes
> without the Tcb privilege to perform a user-mode hard-error BSOD.
>
>
>
> Is there a point to this blatant behavior change?
>
>
> Best regards,
> Alex Ionescu
>
>
>
> On Sun, Apr 1, 2018 at 3:04 PM, Hermès Bélusca-Maïto <
> hermes.belusca-ma...@reactos.org> wrote:
>
> https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3
>
> commit f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3
> Author:     Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org>
> AuthorDate: Sun Apr 1 14:46:19 2018 +0200
> Commit:     Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org>
> CommitDate: Sun Apr 1 22:39:31 2018 +0200
>
>     [NTOSKRNL] Forbid processes without the Tcb privilege to perform a
> user-mode hard-error BSOD.
> ---
>  ntoskrnl/ex/harderr.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/ntoskrnl/ex/harderr.c b/ntoskrnl/ex/harderr.c
> index 84f409a1bb..a5200e3e74 100644
> --- a/ntoskrnl/ex/harderr.c
> +++ b/ntoskrnl/ex/harderr.c
> @@ -132,8 +132,18 @@ ExpRaiseHardError(IN NTSTATUS ErrorStatus,
>      /* Check if this error will shutdown the system */
>      if (ValidResponseOptions == OptionShutdownSystem)
>      {
> -        /* Check for privilege */
> -        if (!SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode))
> +        /*
> +         * Check if we have the privileges.
> +         *
> +         * NOTE: In addition to the Shutdown privilege we also check
> whether
> +         * the caller has the Tcb privilege. The purpose is to allow only
> +         * SYSTEM processes to "shutdown" the system on hard errors (BSOD)
> +         * while forbidding regular processes to do so. This behaviour
> differs
> +         * from Windows, where any user-mode process, as soon as it has
> the
> +         * Shutdown privilege, can trigger a hard-error BSOD.
> +         */
> +        if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode) ||
> +            !SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode))
>          {
>              /* No rights */
>              *Response = ResponseNotHandled;
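Review bot: The condition on the `+` lines of `ExpRaiseHardError` tests for the Tcb privilege, not for a SYSTEM caller, so the comment's claim that it allows "only SYSTEM processes" is stronger than what the code enforces: any token that holds both `SeTcbPrivilege` and `SeShutdownPrivilege` passes. Reword the comment to say that both privileges are required. Because the comment also states that this departs from Windows, where the Shutdown privilege alone is enough, consider putting the extra `SeTcbPrivilege` check behind a build-time or configuration switch so the NT-compatible path stays testable, and give the reason for the change in the commit message, which currently has only a subject line.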
>
>
>
> _______________________________________________
> Ros-dev mailing list
> Ros-dev@reactos.org
> http://www.reactos.org/mailman/listinfo/ros-dev
>
>