VirtualBox

Changeset 99365 in vbox


Ignore:
Timestamp:
Apr 10, 2023 5:28:33 PM (2 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
156776
Message:

Additions/Win: Distinguish between normal/privileged users in VBoxGuest.sys (see bugref:10363).

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Additions/common/VBoxGuest/VBoxGuest-win.cpp

    r98103 r99365  
    26482648            {
    26492649                if (fUsersMember)
    2650                     fRequestor = (fRequestor & ~VMMDEV_REQUESTOR_USR_MASK) | VMMDEV_REQUESTOR_USR_GUEST;
     2650                    fRequestor = (fRequestor & ~VMMDEV_REQUESTOR_USR_MASK) | VMMDEV_REQUESTOR_USR_USER;
    26512651                else if (fGuestsMember)
    26522652                    fRequestor = (fRequestor & ~VMMDEV_REQUESTOR_USR_MASK) | VMMDEV_REQUESTOR_USR_GUEST;
     
    26582658        RTMemTmpFree(pCurGroupsFree);
    26592659        ZwClose(hToken);
     2660
     2661        /*
     2662         * Determine whether we should set VMMDEV_REQUESTOR_USER_DEVICE or not.
     2663         *
     2664         * The purpose here is to differentiate VBoxService accesses
     2665         * from VBoxTray and VBoxControl, as VBoxService should be allowed to
     2666         * do more than the latter two.  VBoxService normally runs under the
     2667         * system account which is easily detected, but for debugging and
     2668         * similar purposes we also allow an elevated admin to run it as well.
     2669         */
     2670        if (   (fRequestor & VMMDEV_REQUESTOR_TRUST_MASK) == VMMDEV_REQUESTOR_TRUST_UNTRUSTED /* general paranoia wrt system account */
     2671            || (fRequestor & VMMDEV_REQUESTOR_TRUST_MASK) == VMMDEV_REQUESTOR_TRUST_LOW       /* ditto */
     2672            || (fRequestor & VMMDEV_REQUESTOR_TRUST_MASK) == VMMDEV_REQUESTOR_TRUST_MEDIUM    /* ditto */
     2673            || !(   (fRequestor & VMMDEV_REQUESTOR_USR_MASK) == VMMDEV_REQUESTOR_USR_SYSTEM
     2674                 || (   (   (fRequestor & VMMDEV_REQUESTOR_GRP_WHEEL)
     2675                         || (fRequestor & VMMDEV_REQUESTOR_USR_MASK) == VMMDEV_REQUESTOR_USR_ROOT)
     2676                     && (   (fRequestor & VMMDEV_REQUESTOR_TRUST_MASK) >= VMMDEV_REQUESTOR_TRUST_HIGH
     2677                         || (fRequestor & VMMDEV_REQUESTOR_TRUST_MASK) == VMMDEV_REQUESTOR_TRUST_NOT_GIVEN)) ))
     2678            fRequestor |= VMMDEV_REQUESTOR_USER_DEVICE;
    26602679    }
    26612680    else
     2681    {
    26622682        LogRel(("vgdrvNtCalcRequestorFlags: NtOpenProcessToken query failed: %#x\n", rcNt));
     2683        fRequestor |= VMMDEV_REQUESTOR_USER_DEVICE;
     2684    }
    26632685
    26642686    Log5(("vgdrvNtCalcRequestorFlags: returns %#x\n", fRequestor));
Note: See TracChangeset for help on using the changeset viewer.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette