Changeset 52453 in vbox
- Timestamp:
- Aug 22, 2014 6:42:01 AM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp
r52414 r52453 703 703 pwsz = pwszName + cwcOther + 1; 704 704 705 /* Must be owned by trusted installer. */705 /* Must be owned by trusted installer. (This test is superfuous, thus no relaxation here.) */ 706 706 if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) 707 707 && !supHardNtViCheckIsOwnedByTrustedInstaller(hFile, pwszName)) … … 1010 1010 /* 1011 1011 * Check the trusted installer bit first, if requested as it's somewhat 1012 * cheaper than the rest. 1012 * cheaper than the rest. We relax this for system32, like we used to, 1013 * as there are apparently some systems out there where the user, admin, 1014 * or someone has changed the ownership of core windows DLLs like 1015 * user32.dll. Since we need user32.dll and will be checking it's digital 1016 * signature, it's reasonably safe to let this thru. 1013 1017 */ 1014 1018 if ( (pNtViRdr->fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) 1015 1019 && !supHardNtViCheckIsOwnedByTrustedInstaller(pNtViRdr->hFile, pwszName)) 1016 return RTErrInfoSetF(pErrInfo, VERR_SUP_VP_NOT_OWNED_BY_TRUSTED_INSTALLER, 1017 "supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '%ls'.", pwszName); 1020 { 1021 if (!supHardViUtf16PathStartsWithEx(pwszName, (uint32_t)RTUtf16Len(pwszName), 1022 g_System32NtPath.UniStr.Buffer, g_System32NtPath.UniStr.Length / sizeof(WCHAR), 1023 true /*fCheckSlash*/)) 1024 return RTErrInfoSetF(pErrInfo, VERR_SUP_VP_NOT_OWNED_BY_TRUSTED_INSTALLER, 1025 "supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '%ls'.", pwszName); 1026 SUP_DPRINTF(("%ls: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).\n", pwszName)); 1027 } 1018 1028 1019 1029 /*
Note:
See TracChangeset
for help on using the changeset viewer.
