Windows 2008 and the handling of Owner Rights permissions
Richard Sharpe
realrichardsharpe at gmail.com
Sun Mar 4 11:23:57 MST 2012
2012/3/4 Richard Sharpe <realrichardsharpe at gmail.com>:
> Hi,
>
> Here http://technet.microsoft.com/en-us/library/dd125370%28v=WS.10%29.aspx
> it suggests that if an ACL on an object contains the Owner Rights
> principal (S-1-3-4) and the permissions do not contain WRITE_DAC and
> READ_CONTROL then the current handling of se_access_check
> (libcli/security/access_check.c) is incorrect.
Attached is a new patch that corrects the obvious error and only
applies the permissions in relation to an ACCESS_ALLOWED ACE.
At least one of the links in the above document suggest that these
ACEs should apply to all securable objects.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owner-rights.patch
Type: application/octet-stream
Size: 3636 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120304/71e1ecfa/attachment.obj>
More information about the samba-technical
mailing list