Device Drivers Create their Corresponding DeviceObject with FILE_DEVICE_SECURE_OPEN DeviceCharacteristics

ID: Q243405

The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Server, Enterprise Edition version 4.0
  • Microsoft Windows NT Workstation version 4.0

SYMPTOMS

When you open a device object in a program under the following conditions, it is possible to obtain greater access to that object than the designated permissions allow:

  • The device object has already been opened and you specify a relative file name of zero length to open a handle within that object.


  • The path specified to the device includes an additional trailing backslash name or character, and the device does not accommodate a parse routine.


This behavior particularly affects the following files in relation to I/O Manager:
  • Floppy.sys (Floppy Driver in C:\winnt\system32\drivers\)


  • Netdetect.sys (Network Card Detection driver Driver in C:\winnt\system32\drivers\)


  • Parport.sys (Parallel Port Driver in C:\winnt\system32\drivers\)


  • Null.sys (NULL Driver in C:\winnt\system32\drivers\)


  • Beep.sys (BEEP Driver in C:\winnt\system32\drivers\)


  • Scsiport.sys (SCSI Port Driver in C:\winnt\system32\drivers\)


  • Tcpip.sys (TCP/IP driver in C:\winnt\system32\drivers\)



CAUSE

This problem occurs because it is the responsibility of a device driver of the corresponding device that creates or opens a logical DeviceObject in the operating system name space with IoCreateDevice() to represent the device. Detail of IoCreateDevice() can be found on MSDN at http://msdn.microsoft.com/library/ddkdoc/ntddk/native/ddk/kr/src/k104_22.htm.

In Windows NT 4.0 Service Pack 6a and earlier, the seven aforementioned device drivers do not call IoCreateDevice() with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. The seven that are included in the C2 Update call IoCreateDevice() with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. The Windows NT IO manager that services IoCreateDevice() performs the necessary access check and audits the event if a relative file name of zero length is specified or an additional trailing backslash name or character is included in the path to the device.

NOTE: Other device drivers shipped with Windows NT 4.0 Service Pack 6a have been tested for making the IoCreateDevice() call with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics.


RESOLUTION

To resolve this problem, the following files are available for download from the Microsoft Download Center or Microsoft's FTP site. Click the file names below to download the appropriate file:

English

x86:
Microsoft Download Center: Q244599i.exe

FTP: Q244599i.exe
Alpha:
Microsoft Download Center: Q244599a.exe

FTP: Q244599a.exe

French

x86:
FTP: Q244599i.exe
Alpha:
FTP: Q244599a.exe

Spanish

x86:
FTP: Q244599i.exe
Alpha:
FTP: Q244599a.exe
For more information about how to download files from the Microsoft Download Center, please visit the Download Center at the following Web address
http://www.microsoft.com/downloads/search.asp
and then click How to use the Microsoft Download Center.


STATUS

Microsoft has confirmed this to be a problem in Windows NT 4.0.

Additional query words: c2 security_patch

Keywords : kbbug4.00 kbfix4.00
Version : winnt:4.0
Platform : winnt
Issue type : kbbug


Last Reviewed: December 23, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.