advapi32 security tests and Vista (PROCESS_ALL_ACCESS)
Carl Fongheiser
carlfongheiser at gmail.com
Mon Mar 17 11:23:47 CDT 2008
On Mon, Mar 17, 2008 at 10:41 AM, Paul Vriens <paul.vriens.wine at gmail.com>
wrote:
> Hi,
>
> I'm now looking at some of the failures for the security tests on Vista.
> Apparently PROCESS_ALL_ACCESS which is defined as:
>
> #define PROCESS_ALL_ACCESS
> (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0xfff)
>
> is changed on Vista:
>
> #define PROCESS_ALL_ACCESS
> (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0xffff)
>
> Should I change the tests (CreateProcess) to check for both possibilities
> or
> should our PROCESS_ALL_ACCESS be changed?
>
> I'm not sure what implications the latter one has yet. Only that using
> that mask
> on other windows versions will/could fail.
>
Windows Vista/Windows Server 2008 have a new permission flag,
PROCESS_QUERY_LIMITED_INFORMATION, with a value of 0x1000. That's why they
added the extra nibble. The permission check code isn't supposed to check
bits it doesn't know about, so it should be harmless to enable the extra
nibble even on older versions.
Carl Fongheiser
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winehq.org/pipermail/wine-devel/attachments/20080317/845f6ba8/attachment.htm
More information about the wine-devel
mailing list