Management of Access Control Lists on IRP_MJ_CREATE
There are numerous additional security-related issues that can be addressed within the file system. For example, the management of access control lists on disk is a major security issue. Given that security information might be identical on thousands of files, it is often useful for the file system to implement a sharing model for security descriptors. Thus, all files that use the same security descriptor share a single on-disk (and possibly in-memory) copy of the security descriptor. The NTFS file system uses this model.
An additional option would be for the file system to cache results. While not strictly related to security, it is important to realize that security operations can add substantial cost to ordinary operations, such as opening the file. Thus, caching security results from previous operations can allow the file system to rely upon previous decisions. For example, a new call that requests a subset of access previously granted to the same user on the same file could be summarily granted. Of course, the risk of adding any such mechanism is the potential for adding bugs, which allow improper access. It is important to ensure that any security implementation be thoroughly tested to ensure that it works in the manner expected.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for