https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e97b412a76d079380e0c1… commit e97b412a76d079380e0c1e60b050342e018c04ee Author: Pierre Schweitzer <pierre(a)reactos.org> AuthorDate: Wed May 15 08:32:55 2019 +0200 Commit: Pierre Schweitzer <pierre(a)reactos.org> CommitDate: Wed May 15 08:41:16 2019 +0200 [BASESRV] Strengthen default permissions for DOS devices This is linked to previous work done on DOS devices creation in basesrv. If this DWORD is not set (or 0), DOS devices will be created with an ACL that make the symlink readable by any and modifiable by any. With protection mode set, the symlink will be still readable by any but not modifiable by anyone but the owner. This should also affect some objects managed by session manager. By default, on W2K3, that protection mode is set. --- boot/bootdata/hivesys.inf | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/bootdata/hivesys.inf b/boot/bootdata/hivesys.inf index 68d23cff007..081352fc6dd 100644 --- a/boot/bootdata/hivesys.inf +++ b/boot/bootdata/hivesys.inf @@ -1442,6 +1442,7 @@ HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","GlobalFlag", 0x00010003 HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ObjectDirectories",0x00010000, \ "\Windows", \ "\RPC Control" +HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ProtectionMode", 0x00010003, 0x00000001 ; DOS devices HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices","AUX",0x00000002,"\DosDevices\COM1"