Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-17539

The kernel indiscriminately impersonates the client

    XMLWordPrintable

Details

    Description

      PsImpersonateClient firstly ensures that the token we'll be going to provide it to the call can be actually impersonated in the first place, amongst other necessary requirements to be met (process' token mustn't be restricted, and so forth). Otherwise the kernel makes a copy of the token accordingly, to satisfy the caller's request.

      None of that is done in ReactOS and that leads to inconsistencies and whatever issues might arise whilst impersonating. The SRM/Se component provides SeTokenCanImpersonate for use for the kernel, which is currently not implemented in our codebase.

      Attachments

        Activity

          People

            Fraizeraust George Bișoc
            Fraizeraust George Bișoc
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: