[PATCH v2 2/2] server: Grant implicit DACL_SECURITY_INFORMATION permission to an object owner.
Dmitry Timoshkov
dmitry at baikal.ru
Wed Feb 10 00:46:18 CST 2021
Alexandre Julliard <julliard at winehq.org> wrote:
> Dmitry Timoshkov <dmitry at baikal.ru> writes:
>
> > @@ -482,6 +482,17 @@ struct object *get_handle_obj( struct process *process, obj_handle_t handle,
> > set_error( STATUS_OBJECT_TYPE_MISMATCH ); /* not the right type */
> > return NULL;
> > }
> > + if (access & (READ_CONTROL | WRITE_DAC))
> > + {
> > + const struct security_descriptor *sd = obj->ops->get_sd( obj );
> > + if (sd)
> > + {
> > + struct token *token = current->token ? current->token : current->process->token;
> > + const SID *owner = sd_get_owner( sd );
> > + if (token_sid_present( token, owner, FALSE ))
> > + access &= ~(READ_CONTROL | WRITE_DAC);
> > + }
> > + }
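Review bot: in the added block, `owner` is passed to token_sid_present() exactly as sd_get_owner( sd ) returned it, with no NULL check. If a descriptor can be stored without an owner, the test should read `if (owner && token_sid_present( token, owner, FALSE ))`. Separately, the bits are stripped from `access` inside get_handle_obj(), so the relaxation applies on every handle lookup and for every object type whose get_sd() returns a descriptor, regardless of the access the handle was opened with. A comment stating the intended rule (the owner implicitly holds READ_CONTROL and WRITE_DAC) and why it is applied here, rather than where a handle's access is granted, would make the change easier to judge against the tests in 1/2.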
>
> That seems very ad-hoc. It would need more convincing tests.
What kind of test would be more convincing for you? Even if the tests
in 1/2 are not enough it's still a good start, and why not accept them
while anticipating more tests?
--
Dmitry.