[ros-kernel] Fwd: ReactOS 0.2.4

Anich Gregor blight at blight.eu.org
Sun Sep 19 15:08:08 CEST 2004


LoL!

This is alpha software anyway... and I don't see what's wrong with omitting the 
file extension of mesa32(.dll) - how can a change to user-writeable registry 
keys make the system any more secure if any program can just change the key 
back to "insecure" values? The safety must come from the code, not the 
registry layout.

Just my €0.02 ;)

--blight

On Sunday 19 September 2004 08:37, Jason Filby wrote:
> ---------- Forwarded message ----------
> From: "Stefan Kanthak"
> To:
> Date: Sun, 19 Sep 2004 04:29:24 +0200
> Subject: ReactOS 0.2.4
>
> Hi Jason,
>
> I'm following the ReactOS project with interest and look into
> it from time to time.
> Last week I got the current 0.2.4 and took a closer look, and
> noticed that you've introduced (or copied :-) errors directly
> from MSFT.
>
> 0. The line (in hivesys.inf)
>
> | HKLM,"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\WinSock","HelperDllName",0x00000000,"%SystemRoot%\System32\wshtcpip.dll"
>
>    contains an environment variable, but the type is REG_SZ, not
>    REG_EXPAND_SZ.
>
> 1. See the following output of
>
>    R:\REACTOS> find /I ",0x0002000" *.inf|find /V "%"
>
>    0x00020000 is REG_EXPAND_SZ, but all the lines listed here
>    don't incorporate an expandable part (environment variable).
>
> | ---------- HIVECLS.INF
> |
> | ---------- HIVEDEF.INF
> |
> | ---------- HIVESFT.INF
> | HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion","CurrentVersion",0x00020000,"4.0"
> | HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion","CSDVersion",0x00020000,"Service Pack 6"
> | HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion","CurrentBuildNumber",0x00020000,"1381"
> | ---------- HIVESYS.INF
> | HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Environment","OS",0x00020000,"ReactOS"
> | HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Environment","PATHEXT",0x00020000,".COM;.EXE;.BAT;.CMD"
> | HKLM,"SYSTEM\CurrentControlSet\Services\3c90x","ImagePath",0x00020000,"system32\drivers\el90Xbc5.sys"
> | HKLM,"SYSTEM\CurrentControlSet\Services\Afd","ImagePath",0x00020000,"system32\drivers\afd.sys"
>
>    [some twenty lines cut]
>
>    Please consider to ALWAYS specify the full absolute pathname
>    (here: "%SystemRoot%\system32\drivers\xxx.sys") to avoid the
>    possibility of vulnerabilities due to loading of executables
>    from a wrong/undesired path (especially .)!
>
>    Use expandable strings with %SystemDrive% or %SystemRoot%
>    wherever possible to become independent from drive letters
>    (cf. Microsoft Knowledge Base Articles Q249321, Q269049 and
>    Q327522).
>
> 2. The following lines lack the paths to the referenced DLLs and
>    EXEs thus being possible security holes:
>
> HKLM,"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}","EnumPropPages32",0x00000000,"MmSys.Cpl,MediaPropPageProvider"
>
> | HKCR,"SHCmdFile\shell\open\command","",0x00000000,"explorer.exe ""%1"""
> | HKCR,"InternetShortcut\shell\open\command","",0x00000000,"rundll32.exe shdocvw.dll,OpenURL %l"
> | HKCR,"InternetShortcut\shell\open\command","",0x00000000,"rundll32.exe shdocvw.dll,OpenURL %l"
> | HKCR,"CLSID\{00021400-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"shell32.dll"
> | HKCR,"CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"shell32.dll"
> | HKCR,"CLSID\{000214E6-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"shell32.dll"
> | HKCR,"CLSID\{000214EE-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"shell32.dll"
> | HKCR,"CLSID\{000214F9-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"shell32.dll"
> | HKCR,"CLSID\{00000320-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"ole32.dll"
> | ;HKCR,"CLSID\{00000323-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"ole32.dll"
> | HKCR,"CLSID\{0002E005-0000-0000-C000-000000000046}\InProcServer32","",0x00000000,"comcat.dll"
> | HKCR,"CLSID\{A907657F-6FDF-11D0-8EFB-00C04FD912B2}\InProcServer32","",0x00000000,"netcfgx.dll"
>
> HKLM,"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}","EnumPropPages32",0x00000000,"NetCfgx.dll,NetPropPageProvider"
> HKLM,"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}","Installer32",0x00000000,"NetCfgx.dll,NetClassInstaller"
> HKLM,"SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}","Installer32",0x00000000,"NetCfgx.dll,NetClassInstaller"
> HKLM,"SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}","Installer32",0x00000000,"NetCfgx.dll,NetClassInstaller"
> HKLM,"SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}","Installer32",0x00000000,"NetCfgx.dll,NetClassInstaller"
>
> | HKLM,"SYSTEM\CurrentControlSet\Control\KeyboardLayouts\00000407","Layout File",0x00000000,"kbdgr.dll"
> | HKLM,"SYSTEM\CurrentControlSet\Control\KeyboardLayouts\00000409","Layout File",0x00000000,"kbdus.dll"
> | HKLM,"SYSTEM\CurrentControlSet\Control\KeyboardLayouts\00010409","Layout File",0x00000000,"kbddv.dll"
> | HKLM,"SYSTEM\CurrentControlSet\Control\KeyboardLayouts\0000040c","Layout File",0x00000000,"kbdfr.dll"
> | HKLM,"SYSTEM\CurrentControlSet\Control\KeyboardLayouts\0000041d","Layout File",0x00000000,"kbdse.dll"
> | HKLM,"SYSTEM\CurrentControlSet\Control\KeyboardLayouts\00000809","Layout File",0x00000000,"kbduk.dll"
> | HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls","advapi32",0x00000000,"advapi32.dll"
> | HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls","kernel32",0x00000000,"kernel32.dll"
>
> 3. Please never omit file extensions as well!
>
> | HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\Mesa","Dll",0x00000000,"mesa32"
>
> 4. Please use "%L" (if possible quoted) instead of "%1" wherever
>    possible when passing arguments:
>
> ---------- HIVECLS.INF
> HKCR,"exefile\Defaulticon","",0x00000000,"%1"
> HKCR,"exefile\shell\open\command","",0x00000000,"""%1"" %*"
> HKCR,"SHCmdFile\shell\open\command","",0x00000000,"explorer.exe ""%1"""
> HKCR,"txtfile\shell\open\command","",0x00020000,"%SystemRoot%\bin\notepad.exe %1"
>
> 5. Please write CLSIDs, GUIDs and UUIDs (and the string "CLSID" too)
>    always in uppercase letters.
>    .NET Framework will enforce this even on MSFT Windows!
>
>    R:\REACTOS> find /I "clsid" *.inf|find /V "CLSID"
>
> ---------- HIVECLS.INF
>
> | HKCR,"Interface\{00000012-0000-0000-C000-000000000046}\ProxyStubClsid32","",0x00000000,"{00000320-0000-0000-C000-000000000046}"
>
>                                                                    ^^^^
> [some twenty lines cut]
>
> | HKCR,"NDS\Clsid","",0x00000002,"{323991f0-7bad-11cf-b03d-00aa006e0975}"
> | HKCR,"WinNT\Clsid","",0x00000002,"{8b20cd60-0f29-11cf-abc4-02608c9e7553}"
>
> ---------- HIVEDEF.INF
>
> ---------- HIVESFT.INF
>
> ---------- HIVESYS.INF
> HKLM,"SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{RandomProtocolGUID_TCPIP}\Ndi","ClsId",0x00000000,"{A907657F-6FDF-11D0-8EFB-00C04FD912B2}"
>
> 6. Please use CamelCase and Capitals for all registry entries:
> | HKCR,"SHCmdFile\Shell\Open\Command","",0x00000000,"explorer.exe ""%1"""
>
>                   ^     ^    ^
>
> | HKCR,"SHCmdFile\ShellEx\IconHandler","",0x00000000,"{57651662-CE3E-11D0-8D77-00C04FC99D61}"
>
>                   ^    ^
>
> regards
> Stefan Kanthak
> _______________________________________________
> Ros-kernel mailing list
> Ros-kernel at reactos.com
> http://reactos.com/mailman/listinfo/ros-kernel
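
Points 0 to 2 of the forwarded report can be checked mechanically rather than with `find`. The following is an added example, not code from the ReactOS tree or from either poster: a Python linter that parses hive `.inf` entries and flags an environment variable stored as REG_SZ, a REG_EXPAND_SZ value with nothing to expand, and a DLL/EXE/SYS/CPL reference without an absolute path. The function names and finding labels are invented for this example; the sample entries are copied from the mail.

```python
import csv
import re

REG_SZ, REG_EXPAND_SZ = 0x00000000, 0x00020000  # type flags as quoted in the mail
ENV_VAR = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")  # %Name%, but not %1, %l or %*
BINARY = re.compile(r'^\s*"?([^\s",;]+\.(?:dll|exe|sys|cpl))(?=$|[\s",])', re.I)
ABSOLUTE = re.compile(r"(%SystemRoot%|%SystemDrive%|[a-z]:)\\", re.I)
# Constructed sample: five entries from the mail, each re-joined onto one line.
SAMPLE = r'''
HKLM,"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\WinSock","HelperDllName",0x00000000,"%SystemRoot%\System32\wshtcpip.dll"
HKLM,"SYSTEM\CurrentControlSet\Services\Afd","ImagePath",0x00020000,"system32\drivers\afd.sys"
HKCR,"SHCmdFile\shell\open\command","",0x00000000,"explorer.exe ""%1"""
HKCR,"txtfile\shell\open\command","",0x00020000,"%SystemRoot%\bin\notepad.exe %1"
HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Environment","PATHEXT",0x00020000,".COM;.EXE;.BAT;.CMD"
'''

def parse_entry(line):
    """Return (key, value_name, flags, data), or None for non-entries."""
    line = line.strip()
    if not line or line.startswith(";"):      # blank line or INF comment
        return None
    fields = next(csv.reader([line]))         # handles "" as an escaped quote
    if len(fields) != 5:                      # section header or other syntax
        return None
    try:
        return fields[1], fields[2], int(fields[3], 16), fields[4]
    except ValueError:
        return None

def lint_entry(line):
    """Return the list of findings for one hive line."""
    entry = parse_entry(line)
    if entry is None:
        return []
    _key, _name, flags, data = entry
    findings = []
    has_var = bool(ENV_VAR.search(data))
    if flags == REG_SZ and has_var:           # point 0: variable never expands
        findings.append("env-var-in-REG_SZ")
    if flags == REG_EXPAND_SZ and not has_var:  # point 1: nothing to expand
        findings.append("REG_EXPAND_SZ-without-variable")
    match = BINARY.match(data)                # points 1 and 2: search-path lookup
    if match and not ABSOLUTE.match(match.group(1)):
        findings.append("unqualified-binary:" + match.group(1))
    return findings

def lint_text(text):
    """Map 1-based line number to findings, for lines that have any."""
    lines = text.strip().splitlines()
    return {n: f for n, l in enumerate(lines, 1) if (f := lint_entry(l))}
```

The check for a missing file extension (point 3) is left out because an extensionless name cannot be told apart from ordinary string data without knowing which values hold file names.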


