From 0e435cafc61fe84d429e8a9500d666e34e3de67b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=B6ller?= <mmoeller@openhardwaremonitor.org>
Date: Mon, 1 Nov 2010 20:44:21 +0000
Subject: [PATCH] Restricted the access to the kernel driver to system and
 built-in administrators.

---
 Hardware/KernelDriver.cs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/Hardware/KernelDriver.cs b/Hardware/KernelDriver.cs
index c5fd4e5..38d5710 100644
--- a/Hardware/KernelDriver.cs
+++ b/Hardware/KernelDriver.cs
@@ -36,7 +36,9 @@
 */
 
 using System;
+using System.IO;
 using System.Runtime.InteropServices;
+using System.Security.AccessControl;
 using Microsoft.Win32.SafeHandles;
 
 namespace OpenHardwareMonitor.Hardware {
@@ -78,7 +80,16 @@ namespace OpenHardwareMonitor.Hardware {
 
       NativeMethods.CloseServiceHandle(service);
       NativeMethods.CloseServiceHandle(manager);
-
+      
+      try {
+        // restrict the driver access to system (SY) and builtin admins (BA)
+        // TODO: replace with a call to IoCreateDeviceSecure in the driver
+        FileSecurity fileSecurity = File.GetAccessControl(@"\\.\" + id);
+        fileSecurity.SetSecurityDescriptorSddlForm(
+          "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)");
+        File.SetAccessControl(@"\\.\" + id, fileSecurity);
+      } catch { }
+      
       return true;
     }