OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_76-3280-gdd672ff
Gerrit Code Review
Mon, 21 Jan 2013 18:22:02 -0800 (PST)
The following commit has been merged in the master branch:
Author: Rod Widdowson <email@example.com>
Date: Fri Dec 28 15:00:15 2012 +0000
Windows: Police the DEBUG TRACE ioctls
When we get a IOCTL_AFS_GET_TRACE_BUFFER, a IOCTL_AFS_CONFIGURE_DEBUG_TRACE
or a IOCTL_AFS_FORCE_CRASH, we check to see whether the caller is in the
Administrators group and if it isn't we fail the request with ACCESS_DENIED.
NOTE that this does not check whether the user has done the "run as admin"
thing. We actually need to determine which priviledges are appropriate to
this action and use that rather than group membership to police these actions
and this will be added in a later patch. Meanwhile this represents a
significant increment in security from previously.
Tested-by: BuildBot <firstname.lastname@example.org>
Reviewed-by: Jeffrey Altman <email@example.com>
Tested-by: Jeffrey Altman <firstname.lastname@example.org>
src/WINNT/afsrdr/kernel/fs/AFSCommSupport.cpp | 21 ++++++++++++++++
src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp | 28 ++++++++++++++++++++++
src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h | 3 ++
3 files changed, 52 insertions(+), 0 deletions(-)
OpenAFS Master Repository