kernel32: Set object security on process object in CreateProcess.

Vitaliy Margolen wine-devel at kievinfo.com
Sat Feb 24 09:24:32 CST 2007


Robert Shearman wrote:
> Vitaliy Margolen wrote:
>> +
>> +    /* set process security */
>> +    if (ret && psa && psa->lpSecurityDescriptor)
>> +    {
>> +        NTSTATUS status;
>> +
>> +        status = NtSetSecurityObject( info->hProcess,
>> DACL_SECURITY_INFORMATION,
>> +                                      psa->lpSecurityDescriptor );
>> +        ret = status == STATUS_SUCCESS;
>> +        if (!ret) SetLastError( RtlNtStatusToDosError( status ) );
>> +    }
>> +
>>   
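Review bot: On the failure path (`ret = status == STATUS_SUCCESS;` followed by `SetLastError( ... )`), the call reports failure after the process has already been created, and nothing in these lines terminates it or closes `info->hProcess`, so the caller sees a failed call while the new process keeps running without the requested DACL. Consider cleaning up the process and its handles before returning failure. Two limitations also deserve a comment in the code: only `DACL_SECURITY_INFORMATION` is passed, so any owner, group or SACL in `psa->lpSecurityDescriptor` is not applied, and because the descriptor is set after creation there is a window in which the process object does not yet carry the caller's DACL.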
> 
> It would be better to pass the security descriptor (or just the DACL if
> you would prefer) in the new_process call. You should be able to change
> the security structure validation functions to return the number of
> bytes used. Therefore, you should be able to put the security data
> before the other variable data in the new_process call.

I've discussed this with Alexandre on IRC and we agreed on using
NtSetSecurityObject instead. The problem is we need to send all parts of
the SD (as it needs to be validated) and one more SD (for thread). The
total number of data would be more than the maximum of 5.

> Also, I think several tests in advapi32 should succeed after this patch
> is applied so you will need to patch that too.

Yes, thank you. I totally forgot about that.

Vitaliy.


