A NetApp test, aclfunc.exe seems to think that DACLs with unneeded zeros should not be resized
Stefan (metze) Metzmacher
metze at samba.org
Wed Apr 4 03:14:14 MDT 2012
Am 04.04.2012 09:53, schrieb Volker Lendecke:
> On Tue, Apr 03, 2012 at 03:10:29PM -0700, Richard Sharpe wrote:
>> On 4/3/12, ronnie sahlberg <ronniesahlberg at gmail.com> wrote:
>>> There are applications in the enterprise space that abuses the ACL and
>>> stores binary data inside an ACE.
>> Well, it struck me that people might be hiding stuff in the DACL.
>> Note, however, that in this case the NetApp tool is not abusing ACEs,
>> but rather they are abusing the DACL. The DACL correctly states that
>> there are 5 ACEs in it, and each are the correct size (20, 36, 20, 24,
>> 24 bytes respectively) howevr, the DACL is stated to contain 1000
>> bytes, with the remainder being zeros.
> With the loss of alternate data streams this might become
> much more popular in the future. George Colley probably
> knows about this already :-)
I think ACE types like
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE should be used for application
Currently we ignore them, but we should really add them to our idl, so
that we can parse and marshal them.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the samba-technical