| Updated: October 28, 2024 |
Some services and drivers have threads that require I/O privileges, which require some special security.
A thread obtains I/O privileges by passing the _NTO_TCTL_IO_LEVEL flag to the ThreadCtl() function. In order to do this, the process must have the PROCMGR_AID_IO ability enabled. For more information, see procmgr_ability().
A process containing threads with I/O privileges will represent an extremely likely target of exploitation, and as such must be developed with care. We recommend that you use a privilege separation model when working with I/O privileged threads, where design constraints allow it.
In cases where privilege separation isn't possible and multiple threads must be spawned within one process, only those threads that explicitly require I/O privileges should obtain them.
Some complications may exist that prevent a process from holding off obtaining I/O privileges; however, these types of issues should be considered and ideally solved during the design phase of the application.