儲存庫 vbox 的更動 52404

時間撮記:

2014-8-19 上午12:52:17 (10 年 以前)

作者:

vboxsync

訊息:

Simplified the checks.

位置:

trunk/src/VBox/HostDrivers/Support

檔案:

• Makefile.kmk (修改) (3 筆差異)
• win/SUPHardenedVerifyImage-win.cpp (修改) (5 筆差異)
• win/SUPR3HardenedMain-win.cpp (修改) (6 筆差異)

trunk/src/VBox/HostDrivers/Support/Makefile.kmk

@@ -143 +143 @@
         $(if $(VBOX_WITH_MAIN),VBOX_WITH_MAIN,) \
         $(if $(VBOX_WITH_RAW_MODE),VBOX_WITH_RAW_MODE,) \
-        VBOX_PERMIT_MORE
+        VBOX_PERMIT_MORE \
+        VBOX_PERMIT_EVEN_MORE
 SUPR3_INCS         := $(PATH_SUB_CURRENT)
 SUPR3_SOURCES       = \
@@ -185 +186 @@
         $(if $(VBOX_WITHOUT_DEBUGGER_CHECKS),VBOX_WITHOUT_DEBUGGER_CHECKS,) \
         $(if $(VBOX_PERMIT_VISUAL_STUDIO_PROFILING),VBOX_PERMIT_VISUAL_STUDIO_PROFILING,) \
-        VBOX_PERMIT_MORE
+        VBOX_PERMIT_MORE \
+        VBOX_PERMIT_EVEN_MORE
 ifdef VBOX_WITH_VISTA_NO_SP
  SUPR3HardenedStatic_DEFS.win += VBOX_WITH_VISTA_NO_SP
@@ -563 +565 @@
   VBoxDrv_DEFS           += VBOX_PERMIT_VISUAL_STUDIO_PROFILING
  endif
- VBoxDrv_DEFS            += VBOX_PERMIT_MORE
+ VBoxDrv_DEFS            += VBOX_PERMIT_MORE VBOX_PERMIT_EVEN_MORE
  #VBoxDrv_DEFS.debug      += DEBUG_DARWIN_GIP
  VBoxDrv_DEFS.darwin     := VBOX_WITH_HOST_VMX

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -69 +69 @@
  * enough a good while. */
 #define SUPHARDNTVI_MAX_CAT_HASH_SIZE   128
+
+
+#if defined(VBOX_PERMIT_EVEN_MORE) && !defined(VBOX_PERMIT_MORE)
+# error "VBOX_PERMIT_EVEN_MORE without VBOX_PERMIT_MORE!"
+#endif
 
 
@@ -728 +733 @@
            version.  If it should, it's likely to be a fake. */
         /** @todo list of signed dlls for various windows versions.  */
-SUP_DPRINTF(("supHardNtViCheckIfNotSignedOk: VINF_LDRVI_NOT_SIGNED\n"));
         return VINF_LDRVI_NOT_SIGNED;
 #else
@@ -735 +739 @@
     }
 
+
 #ifndef IN_RING0
     /*
@@ -753 +758 @@
             return rc;
 
-        if (   (fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
-            && supHardNtViCheckIsOwnedByTrustedInstaller(hFile, pwszName))
-            return VINF_LDRVI_NOT_SIGNED;
-        return rc;
-    }
-#endif /* !IN_RING0 */
-
-#ifdef VBOX_PERMIT_MORE
-    /*
-     * AppPatch whitelist.
-     */
-    if (supHardViIsAppPatchDir(pwszName, cwcName))
-    {
-        cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR); /* ASSUMES System32 is called System32. */
-        pwsz = pwszName + cwcOther + 1;
-
+        /* Must be owned by trusted installer. */
         if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
             && !supHardNtViCheckIsOwnedByTrustedInstaller(hFile, pwszName))
             return rc;
-
+        return VINF_LDRVI_NOT_SIGNED;
+    }
+#endif /* !IN_RING0 */
+
+
+#ifdef VBOX_PERMIT_MORE
+    /*
+     * AppPatch whitelist.
+     */
+    if (supHardViIsAppPatchDir(pwszName, cwcName))
+    {
+        cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR); /* ASSUMES System32 is called System32. */
+        pwsz = pwszName + cwcOther + 1;
+
+        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+            && !supHardNtViCheckIsOwnedByTrustedInstaller(hFile, pwszName))
+            return rc;
+
+# ifndef VBOX_PERMIT_EVEN_MORE
         if (supHardViUtf16PathIsEqual(pwsz, "acres.dll"))
             return VINF_LDRVI_NOT_SIGNED;
 
-# ifdef RT_ARCH_AMD64
+#  ifdef RT_ARCH_AMD64
         if (supHardViUtf16PathIsEqual(pwsz, "AppPatch64\\AcGenral.dll"))
             return VINF_LDRVI_NOT_SIGNED;
-# elif defined(RT_ARCH_X86)
+#  elif defined(RT_ARCH_X86)
         if (supHardViUtf16PathIsEqual(pwsz, "AcGenral.dll"))
             return VINF_LDRVI_NOT_SIGNED;
+#  endif
+# endif /* !VBOX_PERMIT_EVEN_MORE */
+
+# ifdef IN_RING0
+        return rc;
+# else
+        return VINF_LDRVI_NOT_SIGNED;
 # endif
-
-# ifndef IN_RING0
-        return VINF_LDRVI_NOT_SIGNED;
-# else
-        return rc;
-# endif
     }
 #endif /* VBOX_PERMIT_MORE */
 
-#if !defined(IN_RING0) && defined(VBOX_PERMIT_MORE)
+
+#ifndef IN_RING0
+# if defined(VBOX_PERMIT_MORE) && !defined(VBOX_PERMIT_EVEN_MORE)
     /*
      * Program files and common files.
@@ -813 +824 @@
        )
     {
-        if (   (fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
-            && supHardNtViCheckIsOwnedByTrustedInstaller(hFile, pwszName))
-            return VINF_LDRVI_NOT_SIGNED;
-        return rc;
-    }
-#endif /* !IN_RING0 && VBOX_PERMIT_MORE*/
-
+        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+            && !supHardNtViCheckIsOwnedByTrustedInstaller(hFile, pwszName))
+            return rc;
+        return VINF_LDRVI_NOT_SIGNED;
+    }
+
+# elif defined(VBOX_PERMIT_MORE) && defined(VBOX_PERMIT_EVEN_MORE)
+    /*
+     * Anything that's owned by the trusted installer.
+     */
+    if (   (fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+        || supHardNtViCheckIsOwnedByTrustedInstaller(hFile, pwszName))
+        return VINF_LDRVI_NOT_SIGNED;
+
+# endif
+#endif /* !IN_RING0 */
+
+    /*
+     * Not permitted.
+     */
     return rc;
 }

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -1173 +1173 @@
     }
 
+#ifndef VBOX_PERMIT_EVEN_MORE
     /*
      * Check the path.  We don't allow DLLs to be loaded from just anywhere:
@@ -1183 +1184 @@
      *      7. x86 variations of 4 & 5 - ditto.
      */
-    bool fSystem32 = false;
     Assert(g_SupLibHardenedExeNtPath.UniStr.Buffer[g_offSupLibHardenedExeNtName - 1] == '\\');
     uint32_t fFlags = 0;
     if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_System32NtPath.UniStr, true /*fCheckSlash*/))
-    {
-        fSystem32 = true;
         fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
-    }
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_WinSxSNtPath.UniStr, true /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
@@ -1197 +1194 @@
                                             g_offSupLibHardenedExeNtName, false /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING | SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT;
-#ifdef VBOX_PERMIT_MORE
+# ifdef VBOX_PERMIT_MORE
     else if (supHardViIsAppPatchDir(uBuf.UniStr.Buffer, uBuf.UniStr.Length / sizeof(WCHAR)))
         fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
@@ -1204 +1201 @@
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_CommonFilesNtPath.UniStr, true /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
-# ifdef RT_ARCH_AMD64
+#  ifdef RT_ARCH_AMD64
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_ProgramFilesX86NtPath.UniStr, true /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_CommonFilesX86NtPath.UniStr, true /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+#  endif
 # endif
-#endif
-#ifdef VBOX_PERMIT_VISUAL_STUDIO_PROFILING
+# ifdef VBOX_PERMIT_VISUAL_STUDIO_PROFILING
     /* Hack to allow profiling our code with Visual Studio. */
     else if (   uBuf.UniStr.Length > sizeof(L"\\SamplingRuntime.dll")
@@ -1222 +1219 @@
         return STATUS_SUCCESS;
     }
-#endif
+# endif
     else
     {
@@ -1232 +1229 @@
         return STATUS_TRUST_FAILURE;
     }
+
+#else  /* VBOX_PERMIT_EVEN_MORE */
+    /*
+     * Require trusted installer + some kind of signature on everything, except
+     * for the VBox bits where we require kernel code signing and special
+     * integrity checks.
+     */
+    Assert(g_SupLibHardenedExeNtPath.UniStr.Buffer[g_offSupLibHardenedExeNtName - 1] == '\\');
+    uint32_t fFlags = 0;
+    if (supHardViUtf16PathStartsWithEx(uBuf.UniStr.Buffer, uBuf.UniStr.Length / sizeof(WCHAR),
+                                       g_SupLibHardenedExeNtPath.UniStr.Buffer,
+                                       g_offSupLibHardenedExeNtName, false /*fCheckSlash*/))
+        fFlags |= SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING | SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT;
+    else
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+#endif /* VBOX_PERMIT_EVEN_MORE */
 
     /*