kernel32: Specify the access rights when creating a file object.

[Dmitry Timoshkov]

> Alexandre Julliard <julliard at winehq.org> wrote:
> 
> > > While investigating how to fix the file section access tests in kernel32 I've
> > > found that some places in Wine deliberately create objects with access rights
> > > set to 0, that leads to creation of potentially not accessible objects.
> > 
> > Many of these are deliberate. You'll need test cases to show that you
> > can require more permissions.
> 
> In the most cases these patches just add the access rights appropriate for
> particular calls instead of assuming some default ones, that should be a good
> thing to do from a security point of view. Test cases are needed, but only
> to figure out what actual default permissions are provided for 0 access, and
> for file sections the test already exists and shows that defaults access is 0
> and a not accessible object as a result. Creating objects with access rights
> set to 0 should not be used, and considered a bad practice in general IMO.

I still would like to see your opinion on the above.

I see that all these patches are marked now as 'Needs tests'. What exactly needs
tests for cases
1. when a file is being opened for reading use access GENERIC_READ instead of 0?
2. symblic link object opened for deletion use access DELETE instead of 0?
3. mapping opject created with GENERIC_READ|GENERIC_WRITE (just like in another
code patch a couple of lines earlier)?
4. registry key objects are opened with particular access right like KEY_QUERY_VALUE
for reading or DELETE for deletion instead of 0?

The cases listed above are at least a non-consistency if not the bugs IMO, requring
the tests for them looks strange to me.

-- 
Dmitry.