* fhandler.cc (fhandler_base::open): Always create file with default

security descriptor and fix descriptor afterwards.  Change comment to
	explain why.
	* security.cc (alloc_sd): Drop setting the SE_DACL_PROTECTED flag.
	* wincap.cc: Remove has_dacl_protect throughout.
	* wincap.h: Ditto.
This commit is contained in:
Corinna Vinschen
2009-10-24 08:26:01 +00:00
parent 4c038a6101
commit 1647bf67c1
5 changed files with 30 additions and 45 deletions

View File

@ -432,11 +432,6 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
return NULL;
}
/* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
* modified by inheritable ACEs. This flag is available since Win2K. */
if (wincap.has_dacl_protect ())
sd.Control |= SE_DACL_PROTECTED;
/* Create owner for local security descriptor. */
if (!SetSecurityDescriptorOwner (&sd, owner_sid, FALSE))
{