[PATCH v2 2/2] server: Grant implicit DACL_SECURITY_INFORMATION permission to an object owner.
Alexandre Julliard
julliard at winehq.org
Tue Feb 9 14:24:45 CST 2021
Dmitry Timoshkov <dmitry at baikal.ru> writes:
> @@ -482,6 +482,17 @@ struct object *get_handle_obj( struct process *process, obj_handle_t handle,
> set_error( STATUS_OBJECT_TYPE_MISMATCH ); /* not the right type */
> return NULL;
> }
> + if (access & (READ_CONTROL | WRITE_DAC))
> + {
> + const struct security_descriptor *sd = obj->ops->get_sd( obj );
> + if (sd)
> + {
> + struct token *token = current->token ? current->token : current->process->token;
> + const SID *owner = sd_get_owner( sd );
> + if (token_sid_present( token, owner, FALSE ))
> + access &= ~(READ_CONTROL | WRITE_DAC);
> + }
> + }
That seems very ad-hoc. It would need more convincing tests.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list