# HG changeset patch # User moel.mich # Date 1288644261 0 # Node ID 9bf70d316cea371f1ebd3add52c398b2c078aa3c # Parent 763675f19ff49f53856b0907336d2d732e048050 Restricted the access to the kernel driver to system and built-in administrators. diff -r 763675f19ff4 -r 9bf70d316cea Hardware/KernelDriver.cs --- a/Hardware/KernelDriver.cs Sun Oct 31 22:08:47 2010 +0000 +++ b/Hardware/KernelDriver.cs Mon Nov 01 20:44:21 2010 +0000 @@ -36,7 +36,9 @@ */ using System; +using System.IO; using System.Runtime.InteropServices; +using System.Security.AccessControl; using Microsoft.Win32.SafeHandles; namespace OpenHardwareMonitor.Hardware { @@ -78,7 +80,16 @@ NativeMethods.CloseServiceHandle(service); NativeMethods.CloseServiceHandle(manager); - + + try { + // restrict the driver access to system (SY) and builtin admins (BA) + // TODO: replace with a call to IoCreateDeviceSecure in the driver + FileSecurity fileSecurity = File.GetAccessControl(@"\\.\" + id); + fileSecurity.SetSecurityDescriptorSddlForm( + "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)"); + File.SetAccessControl(@"\\.\" + id, fileSecurity); + } catch { } + return true; }