From 5c3887a3ebe7ea024d60e986e1c52dc7d891b573 Mon Sep 17 00:00:00 2001 From: midipix Date: Thu, 11 Oct 2018 19:09:17 -0400 Subject: __ntapi_acl_init_common_descriptor(): disallow inheritance of parent ACEs. --- src/acl/ntapi_acl_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c index 024dbd4..6940f90 100644 --- a/src/acl/ntapi_acl_helper.c +++ b/src/acl/ntapi_acl_helper.c @@ -63,7 +63,7 @@ void __stdcall __ntapi_acl_init_common_descriptor( /* sd header */ sd->sd.revision = 1; sd->sd.sbz_1st = 0; - sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT; + sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT | NT_SE_DACL_PROTECTED; sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner); sd->sd.offset_group = 0; sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl); -- cgit v1.2.3