From 2298a6f7c6c46ef0475439b96c0f004004ff3151 Mon Sep 17 00:00:00 2001 From: Bill Zissimopoulos Date: Tue, 1 Dec 2015 16:36:22 -0800 Subject: [PATCH] dll: fsctl: CreateSelfRelativeSecurityDescriptor: default security descriptor has FILE_ALL_ACCESS instead of GENERIC_ALL, which does not seem to work with SeAccessCheck --- src/dll/fsctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dll/fsctl.c b/src/dll/fsctl.c index cc14d75b..5c979f42 100644 --- a/src/dll/fsctl.c +++ b/src/dll/fsctl.c @@ -52,7 +52,7 @@ static NTSTATUS CreateSelfRelativeSecurityDescriptor(PSECURITY_DESCRIPTOR Securi (AclSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(User->User.Sid) - sizeof(DWORD)) && (Acl = Malloc(AclSize)) && InitializeAcl(Acl, AclSize, ACL_REVISION) && - AddAccessAllowedAce(Acl, ACL_REVISION, GENERIC_ALL, User->User.Sid) && + AddAccessAllowedAce(Acl, ACL_REVISION, FILE_ALL_ACCESS, User->User.Sid) && InitializeSecurityDescriptor(&SecurityDescriptorStruct, SECURITY_DESCRIPTOR_REVISION) && SetSecurityDescriptorDacl(&SecurityDescriptorStruct, TRUE, Acl, FALSE) && SetSecurityDescriptorControl(&SecurityDescriptorStruct, SE_DACL_PROTECTED, SE_DACL_PROTECTED);