MercurialOpenHardwareMonitor-retired / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Restricted the access to the kernel driver to system and built-in administrators.
authormoel.mich
Mon, 01 Nov 2010 20:44:21 +0000
changeset 2379bf70d316cea
parent 236 763675f19ff4
child 238 bddc6e01840a
Restricted the access to the kernel driver to system and built-in administrators.
Hardware/KernelDriver.cs file | annotate | diff | revisions 
     1.1 --- a/Hardware/KernelDriver.cs	Sun Oct 31 22:08:47 2010 +0000
     1.2 +++ b/Hardware/KernelDriver.cs	Mon Nov 01 20:44:21 2010 +0000
     1.3 @@ -36,7 +36,9 @@
     1.4  */
     1.5  
     1.6  using System;
     1.7 +using System.IO;
     1.8  using System.Runtime.InteropServices;
     1.9 +using System.Security.AccessControl;
    1.10  using Microsoft.Win32.SafeHandles;
    1.11  
    1.12  namespace OpenHardwareMonitor.Hardware {
    1.13 @@ -78,7 +80,16 @@
    1.14  
    1.15        NativeMethods.CloseServiceHandle(service);
    1.16        NativeMethods.CloseServiceHandle(manager);
    1.17 -
    1.18 +      
    1.19 +      try {
    1.20 +        // restrict the driver access to system (SY) and builtin admins (BA)
    1.21 +        // TODO: replace with a call to IoCreateDeviceSecure in the driver
    1.22 +        FileSecurity fileSecurity = File.GetAccessControl(@"\\.\" + id);
    1.23 +        fileSecurity.SetSecurityDescriptorSddlForm(
    1.24 +          "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)");
    1.25 +        File.SetAccessControl(@"\\.\" + id, fileSecurity);
    1.26 +      } catch { }
    1.27 +      
    1.28        return true;
    1.29      }
    1.30
OpenHardwareMonitor-retired