InpOut32 security

[anik]

Hello Phil!
Thank you for sharing this great signed driver and sources with community!

I'm very concerned about safety of InpOut32 diver.
After driver installation any process can have unrestricted access to all physical memory and all ports, which is a high risk security vulnerability.

Could it be done in a more secure way and still be convenient for programming and use?
I see two options here.

• Option 1: load driver at application start, create and open device in exclusive mode, automatically unload driver after use.
  pros: very safe
  cons: require admin privileges for each run, only one process in system can work with driver.
• Option 2: During driver installation optionally create some kind of secret and store it as device extension. Allow access to the device only to programs/libraries that know this secret. It could be public/private keys pair in sophisticated case or just some token.
  pros: trusted unpriviledged processes can access port I/O, can be made in backward compatible way for those who don't need security.
  cons: more complicated in realization, third-party programs that use the library will not work out of the box with driver installed in secure mode.

Both approaches require slight modification of current driver source and can't be made just in user mode right now. What do you think about possibility of such changes?

[phil]

Sorry I don't have any interest in this. The source code is open and available so your welcome todo what you want with it as far as I am concerned. I ported the code to x64 for a small project that I no longer need/use.

I'm happy to keep the download link live but I'm not about to make significant/any changes to the driver (I didn't write it in the first place and I make no claims to be an expert in driver development.

EDIT: I would have thought if you want security, then using a device driver like InpOut32 would not be a good idea in the first place! And any change would break backward compatibility which was pretty much the point of it in the first place.

Thanks,
Phil

[anik]

Ok, thanks for your answer!
Of cause, modification of open source driver is not the problem. The signing is.

I would have thought if you want security, then using a device driver like InpOut32 would not be a good idea in the first place!

You'll be surprised to know how many enterprise laptops have such driver (winring0, tvicport, winio, ...) loaded for fan control purposes . Unfortunately, direct port I/O is the only way to talk to embedded controller on many machines.

[phil]

Yes I understand about the signing, but I can not sign the driver either -the current one was signed by a a nice user on my behalf. as a hobbyist developer, I cant afford nor legally buy a driver signing cert because you have to be a registered company (thanks MS!)

The same person may be willing to sign a modified driver but I cant guarantee anything.

EDIT: And I wouldn't be surprised about the use, what I was getting at, is if the interface is open, it does not really matter what security you put in place if you publish the interface, it wont be any more secure than it currently is would it (or am I missing something)?

Thanks,
Phil