A NetApp test, aclfunc.exe seems to think that DACLs with unneeded zeros should not be resized

Stefan (metze) Metzmacher metze at samba.org
Wed Apr 4 03:14:14 MDT 2012

Am 04.04.2012 09:53, schrieb Volker Lendecke:
> On Tue, Apr 03, 2012 at 03:10:29PM -0700, Richard Sharpe wrote:
>> On 4/3/12, ronnie sahlberg <ronniesahlberg at gmail.com> wrote:
>>> Richard
>>> There are applications in the enterprise space that abuses the ACL and
>>> stores binary data inside an ACE.
>> Well, it struck me that people might be hiding stuff in the DACL.
>> Note, however, that in this case the NetApp tool is not abusing ACEs,
>> but rather they are abusing the DACL. The DACL correctly states that
>> there are 5 ACEs in it, and each are the correct size (20, 36, 20, 24,
>> 24 bytes respectively) howevr, the DACL is stated to contain 1000
>> bytes, with the remainder being zeros.
> With the loss of alternate data streams this might become
> much more popular in the future. George Colley probably
> knows about this already :-)

I think ACE types like

ACCESS_ALLOWED_CALLBACK_OBJECT_ACE should be used for application
specific data

See http://msdn.microsoft.com/en-us/library/cc230288%28v=prot.10%29.aspx

Currently we ignore them, but we should really add them to our idl, so
that we can parse and marshal them.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120404/1526270e/attachment.pgp>

More information about the samba-technical mailing list