Fwd: [REG : 112040380892433]: Is there any requirement when handling an NT_TRANSACT_SET_SECURITY_DESCRIPTOR to store the DACL exactly as presented on the wire?

Andrew Bartlett abartlet at samba.org
Mon Apr 16 20:41:33 MDT 2012


On Mon, 2012-04-16 at 09:56 -0700, Jeremy Allison wrote:
> On Mon, Apr 16, 2012 at 09:54:42AM -0700, Jeremy Allison wrote:
> > On Mon, Apr 16, 2012 at 12:41:58PM -0400, Scott Lovenberg wrote:
> > > On 4/16/2012 12:38 PM, Jeremy Allison wrote:
> > > >
> > > >Ouch. That's really bad - and is essentially an additional
> > > >meta-data store on Windows people can hide *anything* inside.
> > > >
> > > >Jeremy
> > > Yeah, and we already have Alternative Data Streams for that! :D
> > 
> > Another problem with us trying to emulate this is that the
> > space for SD's is limited by the available size in Linux/UNIX
> > xattrs, so trying to store an unmodified DACL will stress
> > this size even more :-(.
> 
> It would also be useful to write test programs against Windows
> to determine the maximum size of stored SD's on NTFS. This also
> might be different on ReFS.
> 
> IMHO this is something only broken applications would depend
> on.

Yeah, probably broken applications, malware, anti-virus
looking-for-malware and antivirus tagging scanned files...

(just speculation, however)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


