[ekohl] 74050: [NTOS:SE] Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This fixes a kmtest:ObSecurity failure.
4 Mar
2017
4 Mar
'17
2:38 p.m.
Author: ekohl
Date: Sat Mar 4 14:38:13 2017
New Revision: 74050
URL: http://svn.reactos.org/svn/reactos?rev=74050&view=rev
Log:
[NTOS:SE]
Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This
fixes a kmtest:ObSecurity failure.
Modified:
trunk/reactos/ntoskrnl/se/acl.c
Modified: trunk/reactos/ntoskrnl/se/acl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/acl.c?rev=7405…
==============================================================================
--- trunk/reactos/ntoskrnl/se/acl.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/acl.c [iso-8859-1] Sat Mar 4 14:38:13 2017
@@ -38,7 +38,8 @@
/* create PublicDefaultDacl */
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
@@ -59,6 +60,11 @@
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
+
+ RtlAddAccessAllowedAce(SePublicDefaultDacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeAliasAdminsSid);
/* create PublicDefaultUnrestrictedDacl */
AclLength = sizeof(ACL) +
2757
days inactive
2757
days old
0 comments
1 participants
participants (1)
-
ekohl@svn.reactos.org