Comments (7)
Converting a user-mode handle to a kernel-mode handle would be a bad idea since it could be abused to elevate handle privileges?
Driver Verifier can also be problematic because it's not designed for software drivers, and additionally KProcessHacker blocks its queries since Verifier hasn't been signed with our certificate.
RE: suggestions.
A) IsKernelHandle is identical to ObIsKernelHandle.
B) Including pdb files with the binary distribution would allow plugins to call non-exported functions and bypass security restrictions.
Hi @dmex, well, it is not a conversion exactly. It is re-opening the handle in kernel mode to do the check and closing it. There are no security issues because the driver is not sending the duplicated handle to user mode.
Just wanted to be sure, since "convert the user-mode handle to kernel-mode" can have a different meaning from "re-opening the handle in kernel mode to do the check" 😉
I'm going to close this since we're replacing the driver and this issue is no longer a problem with the new version 👍
Glad to hear about a new version. Excellent job.
Kind regards.
MS finally fixed one of the pdb security flaws:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037
Hi @dmex, I'm a bit lost about the relationship between the pdb vulnerability and user/kernel-mode handle conversion. Regards.
@mxmauro You asked me to include pdb files with the releases in addition to the handle conversion?
b) Include .pdb files in binary distributions.