author | Corinna Vinschen <corinna@vinschen.de> | 2000-12-20 15:42:43 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2000-12-20 15:42:43 +0300 |
commit | aa2b85cc90a41b143a62196af77736bad9b2da70 (patch) | |
tree | 4a45d14789a3eccf13747a58f410dae0223831a6 /winsup/cygwin/security.cc | |
parent | e625e1b99ec6b3edd58199937d3788f7c17aca98 (diff) |
* autoload.cc: Add load statement for SetSecurityDescriptorControl.
* security.cc (alloc_sd): Always set SE_DACL_PROTECTED flag on
Win2K and higher.
Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r-- | winsup/cygwin/security.cc | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 67caf689e..f5cb8138f 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -915,6 +915,21 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
 return NULL;
 }
 
+ /*
+ * We set the SE_DACL_PROTECTED flag here to prevent the DACL from being modified
+ * by inheritable ACEs.
+ * This flag as well as the SetSecurityDescriptorControl call are available only
+ * since Win2K.
+ */
+ static int win2KorHigher = -1;
+ if (win2KorHigher == -1)
+ {
+ DWORD version = GetVersion ();
+ win2KorHigher = (version & 0x80000000) || (version & 0xff) < 5 ? 0 : 1;
+ }
+ if (win2KorHigher > 0)
+ SetSecurityDescriptorControl (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
+
 /* Create owner for local security descriptor. */
 if (! SetSecurityDescriptorOwner(&sd, owner_sid, FALSE))
 { |
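Review bot: The result of `SetSecurityDescriptorControl` is discarded, although the `SetSecurityDescriptorOwner` call directly below it is checked. If the call fails, alloc_sd carries on with a descriptor whose DACL is not marked protected, so inheritable ACEs from the parent may still end up in it and the effective permissions can be wider than the caller requested. I would test it, e.g. `if (win2KorHigher > 0 && !SetSecurityDescriptorControl (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED))`, and either fail like the `return NULL;` path above or at least log the error; the neighbouring error bodies lie outside the hunk, so which of the two fits is inferred. The version test also relies on `||` binding tighter than `?:`; `win2KorHigher = !(version & 0x80000000) && (version & 0xff) >= 5;` states the same condition without the ternary. alloc_sd begins and ends outside this hunk.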