Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File opening/creating with Nt/Zw APIs are ignored by sandbox #680

Open
rongjiecomputer opened this issue Jul 31, 2019 · 1 comment
Open

File opening/creating with Nt/Zw APIs are ignored by sandbox #680

rongjiecomputer opened this issue Jul 31, 2019 · 1 comment
Assignees
@narasamdya
Labels
help wanted Extra attention is needed

Comments

@rongjiecomputer
Copy link

Detoured Win32 APIs handle file opening/creating, but detoured Nt/Zw APIs seem to not handle it. Msys2/Cygwin C runtime implementation use Nt APIs instead of Win32 APIs to implement POSIX functions, which means programs linked to Msys2/Cygwin runtime are not constrained by the sandbox at all.

Any timeline that this can be fixed? I wonder if the change will look similar to how Detoured Win32 implementation? If the change is not too complicated, will the team accept external PR?

BuildXL/Public/Src/Sandbox/Windows/DetoursServices/DetouredFunctions.cpp

Line 5690 in 8621d3e

// TODO: As part of gradually turning on NtCreateFile detour reports, we currently only enforce deletes (some cmd builtins delete this way),

@narasamdya narasamdya added the help wanted Extra attention is needed label Jul 31, 2019
@narasamdya
Copy link
Collaborator

Yes, the team accepts external PR. Please include unit tests as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@narasamdya narasamdya

Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rongjiecomputer @narasamdya