Possible bug in libcli/security/access_check.c:se_access_check in master with DENY entries
Matthieu Patou
mat at samba.org
Sat Nov 3 00:40:11 MDT 2012
On 11/02/2012 06:44 PM, Richard Sharpe wrote:
> Hi folks,
>
> I think I introduced this bug, but in se_access_check, it says, when
> walking the ACL:
>
> case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
> explicitly_denied_bits |= (bits_remaining &
> ace->access_mask);
>
> However, this means that any bits that were granted earlier in the
> scan would not be denied by a DENY entry.
Well in my memory if you store a SD with deny bits not first then it's
also not working on Windows.
Could you check it ?
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba-technical
mailing list