Fwd: [REG : 112040380892433]: Is there any requirement when handling an NT_TRANSACT_SET_SECURITY_DESCRIPTOR to store the DACL exactly as presented on the wire?

Mon Apr 16 10:38:17 MDT 2012

On Mon, Apr 16, 2012 at 07:47:26AM -0700, Richard Sharpe wrote:
> Hi folks,
> 
> This seems to be the answer. Now I am off to look at MS-FSA.
> 
> ---------- Forwarded message ----------
> From: Tarun Chopra <Tarun.Chopra at microsoft.com>
> Date: Mon, Apr 16, 2012 at 7:41 AM
> Subject: RE: [REG : 112040380892433]: Is there any requirement when
> handling an NT_TRANSACT_SET_SECURITY_DESCRIPTOR to store the DACL
> exactly as presented on the wire?
> To: Richard Sharpe <realrichardsharpe at gmail.com>
> Cc: MSSolve Case Email <casemail at microsoft.com>
> 
> 
> Hi Richard
> 
> Per our analysis, Yes,  there is a requirement mentioned in section
> 3.1.5.16 of MS-FSA to store DACL (passed in InputBuffer parameter)
> presented by higher-layer protocol as-is without any modification.
> Excerpt is as follows:
> 
>        The object store MUST set Open.File.SecurityDescriptor to InputBuffer.
> 
> As a result, NTFS volume will store the extraneous zeros passed in
> DACL and returns the same DACL in Query Security Information
> operation.
> 
> Kindly let me know if this answers your query or if you require
> further assistance/clarification on below issue.

Ouch. That's really bad - and is essentially an additional
meta-data store on Windows people can hide *anything* inside.

Jeremy