From 83fba2e37973afb1db7aec144e06d3ee25f7096d Mon Sep 17 00:00:00 2001 From: midipix Date: Sat, 20 Oct 2018 17:35:52 -0400 Subject: __ntapi_acl_init_common_descriptor(): properly handle system-owned entities. --- src/acl/ntapi_acl_helper.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c index f2d6b6b..3059cdc 100644 --- a/src/acl/ntapi_acl_helper.c +++ b/src/acl/ntapi_acl_helper.c @@ -79,6 +79,12 @@ void __stdcall __ntapi_acl_init_common_descriptor( (nt_sid *)&sd->owner, owner); + /* is the local system account both the owner and the group? */ + if (!__ntapi->tt_sid_compare(owner,&sid_system)) + if (!__ntapi->tt_sid_compare(group,&sid_system)) + if (system_access == owner_access) + system_access = 0; + /* ace's */ ace = (nt_access_allowed_ace *)&sd->buffer; ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count); -- cgit v1.2.3