Prev: Seven API to force local driver check first
Next: Bug in Registry Editor (Windows Vista),...
From: Don Burn on 9 Feb 2010 12:53
This is a valid security issue, people were bypassing file system
security by reading the raw sectors. You can read and write the parts
of the disk that are not part of a file system partition but not bypass
the file system. Personally, I agree with the logic.

--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

"Boba" <Boba(a)somewhere.net> wrote in message
news:OlcyF$aqKHA.3792(a)TK2MSFTNGP05.phx.gbl:

> "Don Burn" <burn(a)stopspam.windrvr.com> wrote in message
> news:ua6R%234aqKHA.4636(a)TK2MSFTNGP06.phx.gbl...
>
> > No, you cannot.
>
>
> thanks for the bad news.
>
>
> > You need a filter driver in the stack to do it.
>
>
> that's what i was afraid of: eventually all windows
> programming will be kernel mode/driver writting....


__________ Information from ESET Smart Security, version of virus
signature database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com


From: Corinna Vinschen on 9 Feb 2010 12:53
Don Burn wrote:
> Actually starting with Vista you cannot access the raw sectors on the disk
> while the disk is mounted for normal file operations. So your claim is
> incorrect.

I was a bit surprised by this, so I just tested it again under Windows
Server 2008 and under Windows 7. It works still fine to access the
system disk and all partitions on it, including the system partition,
for reading from Cygwin. This is pure user space, with full admin
rights. Did you mean access is denied for writing, by any chance?
I didn't test that, for obvious reasons...


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
From: Boba on 9 Feb 2010 13:05
"Don Burn" <burn(a)stopspam.windrvr.com> wrote in message
news:OHT18CbqKHA.4284(a)TK2MSFTNGP04.phx.gbl...
> This is a valid security issue, people were bypassing file system security
> by reading the raw sectors. You can read and write the parts of the disk
> that are not part of a file system partition but not bypass the file
> system. Personally, I agree with the logic.

yes, very good point. i still don't understand why
would just reading the raw sectors compromise system's
security. in my case, all i need is the x_READ access.


From: Boba on 9 Feb 2010 13:09
"Corinna Vinschen" <corinna(a)community.nospam> wrote in message
news:hks7el$cj2$1(a)perth.hirmke.de...
> ...
> I just tested it again under Windows
> Server 2008 and under Windows 7.
> It works still fine to access the
> system disk and all partitions on it,
> including the system partition,
> for reading from Cygwin. This is
> pure user space, with full admin
> rights.

many thanks for the test! good news.


From: Don Burn on 9 Feb 2010 13:14

This surprises me, I know that when Vista came out this could not be
done, it is possible that Microsoft changed the model.

--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply


"Corinna Vinschen" <corinna(a)community.nospam> wrote in message
news:hks7el$cj2$1(a)perth.hirmke.de:

> Don Burn wrote:
>
> > Actually starting with Vista you cannot access the raw sectors on the disk
> > while the disk is mounted for normal file operations. So your claim is
> > incorrect.
>
>
> I was a bit surprised by this, so I just tested it again under Windows
> Server 2008 and under Windows 7. It works still fine to access the
> system disk and all partitions on it, including the system partition,
> for reading from Cygwin. This is pure user space, with full admin
> rights. Did you mean access is denied for writing, by any chance?
> I didn't test that, for obvious reasons...
>
>
> Corinna
>
> --
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat


__________ Information from ESET Smart Security, version of virus
signature database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com


First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: Seven API to force local driver check first
Next: Bug in Registry Editor (Windows Vista),...