[NTOS:SE] Fixes for NT tokens.

- SeIsTokenChild(): Correctly check whether a caller-provided token
  is a child of the current process' primary token by looking at
  its ParentTokenId member.

- Add a SeIsTokenSibling() helper to determine whether a caller-provided
  token and the current process' primary token are siblings, by comparing
  their ParentTokenIds and AuthenticationIds.

NOTE: Child tokens are created through CreateRestrictedToken();
sibling tokens are created through DuplicateToken() (amongst others).

See slide 49 of https://www.slideshare.net/Shakacon/social-engineering-the-windows-kernel-by-james-forshaw
or https://googleprojectzero.blogspot.com/2016/01/raising-dead.html
for some details.
This commit is contained in:
Hermès Bélusca-Maïto 2018-09-26 00:51:38 +02:00
parent 3caab66e22
commit 7f9282927b
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
2 changed files with 56 additions and 7 deletions

@ -314,6 +314,13 @@ SeIsTokenChild(
OUT PBOOLEAN IsChild
);
NTSTATUS
NTAPI
SeIsTokenSibling(
IN PTOKEN Token,
OUT PBOOLEAN IsSibling
);
NTSTATUS
NTAPI
SepCreateImpersonationTokenDacl(
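Review bot: the new SeIsTokenSibling() prototype, inserted right after the existing SeIsTokenChild() declaration, carries no comment stating its contract, unlike the behaviour spelled out in the commit message. A short comment above `SeIsTokenSibling(` should record that the caller-provided `IN PTOKEN Token` and the current process' primary token are considered siblings only when both their ParentTokenId and AuthenticationId match, and should state what `OUT PBOOLEAN IsSibling` holds when the function returns a failure NTSTATUS, so callers do not act on an uninitialized result in the error path. The declaration itself follows the surrounding NTSTATUS/NTAPI style, so no formatting change is needed.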