[ros-dev] [ros-diffs] [hbelusca] 66192: [WINLOGON][WIN32K] Move the shutdown privilege check from winlogon to win32k (function "UserInitiateShutdown") as it should be done. [WIN32K] - Introduce the pair of UserInitiateS...
Zachary Gorden
drakekaizer666 at gmail.com
Mon Feb 9 19:02:11 UTC 2015
I see we have a volunteer for writing the post. Thanks Thomas!
On Mon, Feb 9, 2015 at 12:54 PM, Thomas Faber <thomas.faber at reactos.org>
wrote:
> Well, we don't need to be jailbroken, so we can be secure. ;)
>
> Let's fix it, blog about it, and get someone to publish something along
> the lines of "Open Source Windows clone more secure than Windows --
> ReactOS developers fixed vulnerability, but Microsoft's response to the
> same issue still outstanding"
> Everyone wins :D
>
>
> On 2015-02-09 19:37, Alex Ionescu wrote:
> > This would be the win32k 0 day that's been blogged and unfixed in Windows
> > for over 4 years now, and which allows the Surface RT to be jailbroken. You
> > really want to fix this? :( What about hackcompat?!
> >
> > Best regards,
> > Alex Ionescu
> >
> > On Sun, Feb 8, 2015 at 12:37 AM, Thomas Faber <thomas.faber at reactos.org>
> > wrote:
> >
> >> On 2015-02-07 16:26, hbelusca at svn.reactos.org wrote:
> >>> @@ -792,24 +791,54 @@
> >>> case UserThreadInitiateShutdown:
> >>> {
> >>> ERR("Shutdown initiated\n");
> >>> - STUB;
> >>> - Status = STATUS_NOT_IMPLEMENTED;
> >>> +
> >>> + if (ThreadInformationLength != sizeof(ULONG))
> >>> + {
> >>> + Status = STATUS_INFO_LENGTH_MISMATCH;
> >>> + break;
> >>> + }
> >>> +
> >>> + Status = UserInitiateShutdown(Thread,
> >> (PULONG)ThreadInformation);
> >>> break;
> >>> }
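Review bot: ThreadInformation is cast to PULONG and passed straight to UserInitiateShutdown in the new "Status = UserInitiateShutdown(Thread, (PULONG)ThreadInformation);" statement, and the only validation visible in this hunk is the ThreadInformationLength != sizeof(ULONG) check. A length check says nothing about where the pointer points, so if this buffer is supplied by the user-mode caller, the callee ends up dereferencing an unvalidated address in kernel context. Suggest probing the pointer and copying the ULONG into a local inside an SEH block, passing the address of that local to UserInitiateShutdown, and writing any result back to the caller's buffer under SEH as well. If the probe and capture already happen outside the lines shown here, a short comment at this case saying where would save the next reader the same question. Minor: ERR("Shutdown initiated\n") reports a normal event at error level; a lower log level would fit better now that the case is no longer a stub.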
> >>
> >> This looks like, contrary to the other cases, ThreadInformation is
> >> neither probed nor accessed inside SEH here?