Use NtCreateFile instead of NtOpenFile to open a file
#93206
Conversation
|
r? @yaahc (rust-highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
Maybe do a stage1 build and upload the file in question to virustotal? |
The results. 11/64 down from 15/63. Yay? |
|
Note to reviewers: Here’s what MSDN has to say about internal APIs:
I think that's a pretty good reason to consider not merging this. EDIT: huh, it seems there's |
|
@nagisa This is replacing use of |
|
Right, searching for Turns out both functions exist in either header; |
|
Oh yeah, that is confusing. The winternl functions are documented as internal because they're located in the user space section. Whereas the other docs are in the driver section where everything should be considered internal by default. I guess the docs don't really account for people arriving via a web search. |
Pressed |
|
Oh hm, yeah not helpful after all then! So at this point my only motivation for wanting this merged is just that if we must use an internal API, it should ideally be the one documented in winternl. |
How is this handled in other language libraries? Are they all vulnerable to that CVE? Or do they use these functions too? If the latter then we can at least cite prior art. |
17/65 AV soft: Wow, other 10 boys detect something, we should too! |
|
|
That's managed by microsoft, they'd have an easier time to coordinate internal API breaks. |
Sure. But this PR is only arguing that |
Actually yeah. I tend to agree there. Could you please adjust the PR/commit title to specifically call out the function name as well? e.g.
r=me otherwise |
ChrisDenton
changed the title
NtCreateFile instead of NtOpenFile to open a file
ChrisDenton
force-pushed
the
ntopenfile
branch
from
f8e91ed
to
881cfcd
Compare
|
Done! |
|
Shouldn't the panic message be changed to |
|
Whoops, missed that. Thanks! |
ChrisDenton
force-pushed
the
ntopenfile
branch
from
881cfcd
to
ac02fcc
Compare
|
r? @nagisa |
|
@bors r+ |
|
📌 Commit ac02fcc has been approved by |
bors
removed
the
S-waiting-on-review
bors
added
the
S-waiting-on-bors
Use `NtCreateFile` instead of `NtOpenFile` to open a file Generally the internal `Nt*` functions should be avoided but when we do need to use one we should stick to the most commonly used for the job. To that end, this PR replaces `NtOpenFile` with `NtCreateFile`. NOTE: The initial version of this comment hypothesised that this may help with some recent false positives from malware scanners. This hypothesis proved wrong. Sorry for the distraction.
…askrgr Rollup of 7 pull requests Successful merges: - rust-lang#91950 (Point at type when a `static` `#[global_allocator]` doesn't `impl` `GlobalAlloc`) - rust-lang#92715 (Do not suggest char literal for zero-length strings) - rust-lang#92917 (Don't constrain projection predicates with inference vars in GAT substs) - rust-lang#93206 (Use `NtCreateFile` instead of `NtOpenFile` to open a file) - rust-lang#93732 (add fut/back compat tests for implied trait bounds) - rust-lang#93764 (:arrow_up: rust-analyzer) - rust-lang#93767 (deduplicate `lcnr` in mailmap) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
Generally the internal
Nt*functions should be avoided but when we do need to use one we should stick to the most commonly used for the job. To that end, this PR replacesNtOpenFilewithNtCreateFile.NOTE: The initial version of this comment hypothesised that this may help with some recent false positives from malware scanners. This hypothesis proved wrong. Sorry for the distraction.