Is there a point to this blatant behavior change?

Best regards,
Alex Ionescu

On Sun, Apr 1, 2018 at 3:04 PM, Hermès Bélusca-Maïto < hermes.belusca-ma...@reactos.org> wrote: > https://git.reactos.org/?p=reactos.git;a=commitdiff;h= > f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3 > > commit f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3 > Author: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org> > AuthorDate: Sun Apr 1 14:46:19 2018 +0200 > Commit: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org> > CommitDate: Sun Apr 1 22:39:31 2018 +0200 > > [NTOSKRNL] Forbid processes without the Tcb prvilege to perform a > user-mode hard-error BSOD. > --- > ntoskrnl/ex/harderr.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/ntoskrnl/ex/harderr.c b/ntoskrnl/ex/harderr.c > index 84f409a1bb..a5200e3e74 100644 > --- a/ntoskrnl/ex/harderr.c > +++ b/ntoskrnl/ex/harderr.c > @@ -132,8 +132,18 @@ ExpRaiseHardError(IN NTSTATUS ErrorStatus, > /* Check if this error will shutdown the system */ > if (ValidResponseOptions == OptionShutdownSystem) > { > - /* Check for privilege */ > - if (!SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode)) > + /* > + * Check if we have the privileges. > + * > + * NOTE: In addition to the Shutdown privilege we also check > whether > + * the caller has the Tcb privilege. The purpose is to allow only > + * SYSTEM processes to "shutdown" the system on hard errors (BSOD) > + * while forbidding regular processes to do so. This behaviour > differs > + * from Windows, where any user-mode process, as soon as it has > the > + * Shutdown privilege, can trigger a hard-error BSOD. > + */ > + if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode) || > + !SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode)) > { > /* No rights */ > *Response = ResponseNotHandled; > >
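
Review bot: The comment added above the new condition says the purpose is to allow "only SYSTEM processes" to raise a shutdown hard error, but the check is on privileges, not on identity: any caller for which both `SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode)` and `SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode)` succeed gets through, whatever account it runs under. Reword the comment to say "callers holding the Tcb privilege" so it matches what is enforced. The comment also records that this differs from Windows, where the Shutdown privilege alone is enough, yet neither the comment nor the commit message says why the divergence is wanted; a caller that holds only the Shutdown privilege now falls into the existing "No rights" branch and receives `ResponseNotHandled`, with nothing to tell it apart from a caller missing the Shutdown privilege. State the rationale in the commit message, and consider testing `SeShutdownPrivilege` first so that the Windows-compatible check is the one that fails for callers lacking both.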