diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 01:47:11 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 01:47:11 +0000 |
| commit | ad75ac69416bbdb92964625dc7018b9d0a44debc (patch) | |
| tree | ba7ba3da15c2719a518dbcbc854edfe281ae9020 /src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp | |
| parent | Releasing progress-linux version 7.0.16-dfsg-8~progress7.99u1. (diff) | |
| download | virtualbox-ad75ac69416bbdb92964625dc7018b9d0a44debc.tar.xz virtualbox-ad75ac69416bbdb92964625dc7018b9d0a44debc.zip | |
Merging upstream version 7.0.18-dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp')
| -rw-r--r-- | src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp b/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp index 747d975e..c05d0210 100644 --- a/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp +++ b/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp @@ -807,7 +807,7 @@ static int supHardNtViCheckIfNotSignedOk(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, u pwsz = pwszName + cwcOther + 1; /* Must be owned by trusted installer. (This test is superfuous, thus no relaxation here.) */ - if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) + if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER) && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName)) return rc; @@ -868,7 +868,7 @@ static int supHardNtViCheckIfNotSignedOk(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, u return rc; /* Must be owned by trusted installer. */ - if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) + if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER) && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName)) return rc; return VINF_LDRVI_NOT_SIGNED; @@ -885,7 +885,7 @@ static int supHardNtViCheckIfNotSignedOk(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, u cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR); /* ASSUMES System32 is called System32. */ pwsz = pwszName + cwcOther + 1; - if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) + if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER) && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName)) return rc; @@ -933,7 +933,7 @@ static int supHardNtViCheckIfNotSignedOk(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, u # endif ) { - if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) + if ( !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER) && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName)) return rc; return VINF_LDRVI_NOT_SIGNED; @@ -943,7 +943,7 @@ static int supHardNtViCheckIfNotSignedOk(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, u /* * Anything that's owned by the trusted installer. */ - if ( (fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) + if ( (fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER) || supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName)) return VINF_LDRVI_NOT_SIGNED; @@ -1379,7 +1379,7 @@ DECLHIDDEN(int) supHardenedWinVerifyImageByLdrMod(RTLDRMOD hLdrMod, PCRTUTF16 pw */ /** @todo Since we're now allowing Builtin\\Administrators after all, perhaps we * could drop these system32 + winsxs hacks?? */ - if ( (pNtViRdr->fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER) + if ( (pNtViRdr->fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER) && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(pNtViRdr->hFile, pwszName)) { if (supHardViUtf16PathStartsWithEx(pwszName, (uint32_t)RTUtf16Len(pwszName), |