Fwd: [REG : 112040380892433]: Is there any requirement when handling an NT_TRANSACT_SET_SECURITY_DESCRIPTOR to store the DACL exactly as presented on the wire?

Jeremy Allison jra at samba.org
Mon Apr 16 10:54:42 MDT 2012

On Mon, Apr 16, 2012 at 12:41:58PM -0400, Scott Lovenberg wrote:
> On 4/16/2012 12:38 PM, Jeremy Allison wrote:
> >
> >Ouch. That's really bad - and is essentially an additional
> >meta-data store on Windows people can hide *anything* inside.
> >
> >Jeremy
> Yeah, and we already have Alternative Data Streams for that! :D

Another problem with us trying to emulate this is that the
space for SD's is limited by the available size in Linux/UNIX
xattrs, so trying to store an unmodified DACL will stress
this size even more :-(.


More information about the samba-technical mailing list