Fwd: [REG : 112040380892433]: Is there any requirement when handling an NT_TRANSACT_SET_SECURITY_DESCRIPTOR to store the DACL exactly as presented on the wire?

Jeremy Allison jra at samba.org
Mon Apr 16 10:56:17 MDT 2012


On Mon, Apr 16, 2012 at 09:54:42AM -0700, Jeremy Allison wrote:
> On Mon, Apr 16, 2012 at 12:41:58PM -0400, Scott Lovenberg wrote:
> > On 4/16/2012 12:38 PM, Jeremy Allison wrote:
> > >
> > >Ouch. That's really bad - and is essentially an additional
> > >meta-data store on Windows people can hide *anything* inside.
> > >
> > >Jeremy
> > Yeah, and we already have Alternative Data Streams for that! :D
> 
> Another problem with us trying to emulate this is that the
> space for SD's is limited by the available size in Linux/UNIX
> xattrs, so trying to store an unmodified DACL will stress
> this size even more :-(.

It would also be useful to write test programs against Windows
to determine the maximum size of stored SD's on NTFS. This also
might be different on ReFS.

IMHO this is something only broken applications would depend
on.

Jeremy.


More information about the samba-technical mailing list