[NTOSKRNL] Use relaxed ACLs in ObpCreateGlobalDosDevicesSD when protection mode is not set

2024-07-03 03:04:22 +00:00 · 2019-05-21 08:37:36 +02:00 · 2019-05-21 08:37:36 +02:00 · 33f524c625
parent 1c4e44592c
commit 33f524c625
1 changed files with 99 additions and 52 deletions
--- a/ntoskrnl/ob/obname.c
+++ b/ntoskrnl/ob/obname.c
@ -44,68 +44,115 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
    ULONG AclSize, SdSize;
    NTSTATUS Status;
-    AclSize = sizeof(ACL) +
+    if (ObpProtectionMode & 1)
              sizeof(ACE) + RtlLengthSid(SeWorldSid) +
              sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
              sizeof(ACE) + RtlLengthSid(SeWorldSid) +
              sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
              sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
              sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
    SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
    /* Allocate the SD and ACL */
    Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
    if (Sd == NULL)
    {
-        return STATUS_INSUFFICIENT_RESOURCES;
+        AclSize = sizeof(ACL) +
                  sizeof(ACE) + RtlLengthSid(SeWorldSid) +
                  sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
                  sizeof(ACE) + RtlLengthSid(SeWorldSid) +
                  sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
                  sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
                  sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
        SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
        /* Allocate the SD and ACL */
        Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
        if (Sd == NULL)
        {
            return STATUS_INSUFFICIENT_RESOURCES;
        }
        /* Initialize the SD */
        Status = RtlCreateSecurityDescriptor(Sd,
                                             SECURITY_DESCRIPTOR_REVISION);
        if (!NT_SUCCESS(Status))
            return Status;
        Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
        /* Initialize the DACL */
        RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
        /* Add the ACEs */
        RtlAddAccessAllowedAce(Dacl,
                               ACL_REVISION,
                               GENERIC_READ | GENERIC_EXECUTE,
                               SeWorldSid);
        RtlAddAccessAllowedAce(Dacl,
                               ACL_REVISION,
                               GENERIC_ALL,
                               SeLocalSystemSid);
        RtlAddAccessAllowedAceEx(Dacl,
                                 ACL_REVISION,
                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                                 GENERIC_EXECUTE,
                                 SeWorldSid);
        RtlAddAccessAllowedAceEx(Dacl,
                                 ACL_REVISION,
                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                                 GENERIC_ALL,
                                 SeAliasAdminsSid);
        RtlAddAccessAllowedAceEx(Dacl,
                                 ACL_REVISION,
                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                                 GENERIC_ALL,
                                 SeLocalSystemSid);
        RtlAddAccessAllowedAceEx(Dacl,
                                 ACL_REVISION,
                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                                 GENERIC_ALL,
                                 SeCreatorOwnerSid);
    }
    else
    {
        AclSize = sizeof(ACL) +
                  sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
                  sizeof(ACE) + RtlLengthSid(SeWorldSid) +
                  sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
-    /* Initialize the SD */
+        SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
    Status = RtlCreateSecurityDescriptor(Sd,
                                         SECURITY_DESCRIPTOR_REVISION);
    if (!NT_SUCCESS(Status))
        return Status;
-    Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
+        /* Allocate the SD and ACL */
        Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
        if (Sd == NULL)
        {
            return STATUS_INSUFFICIENT_RESOURCES;
        }
-    /* Initialize the DACL */
+        /* Initialize the SD */
-    RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+        Status = RtlCreateSecurityDescriptor(Sd,
                                             SECURITY_DESCRIPTOR_REVISION);
        if (!NT_SUCCESS(Status))
            return Status;
-    /* Add the ACEs */
+        Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
    RtlAddAccessAllowedAce(Dacl,
                           ACL_REVISION,
                           GENERIC_READ | GENERIC_EXECUTE,
                           SeWorldSid);
-    RtlAddAccessAllowedAce(Dacl,
+        /* Initialize the DACL */
-                           ACL_REVISION,
+        RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
                           GENERIC_ALL,
                           SeLocalSystemSid);
-    RtlAddAccessAllowedAceEx(Dacl,
+        /* Add the ACEs */
-                             ACL_REVISION,
+        RtlAddAccessAllowedAce(Dacl,
-                             INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                               ACL_REVISION,
-                             GENERIC_EXECUTE,
+                               GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
-                             SeWorldSid);
+                               SeWorldSid);
-    RtlAddAccessAllowedAceEx(Dacl,
+        RtlAddAccessAllowedAce(Dacl,
-                             ACL_REVISION,
+                               ACL_REVISION,
-                             INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                               GENERIC_ALL,
-                             GENERIC_ALL,
+                               SeLocalSystemSid);
                             SeAliasAdminsSid);
-    RtlAddAccessAllowedAceEx(Dacl,
+        RtlAddAccessAllowedAceEx(Dacl,
-                             ACL_REVISION,
+                                 ACL_REVISION,
-                             INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
-                             GENERIC_ALL,
+                                 GENERIC_ALL,
-                             SeLocalSystemSid);
+                                 SeWorldSid);
-
+    }
    RtlAddAccessAllowedAceEx(Dacl,
                             ACL_REVISION,
                             INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                             GENERIC_ALL,
                             SeCreatorOwnerSid);
    /* Attach the DACL to the SD */
    Status = RtlSetDaclSecurityDescriptor(Sd,