* fhandler.cc (fhandler_base::open): Always create file with default
security descriptor and fix descriptor afterwards. Change comment to explain why. * security.cc (alloc_sd): Drop setting the SE_DACL_PROTECTED flag. * wincap.cc: Remove has_dacl_protect throughout. * wincap.h: Ditto.
This commit is contained in:
@ -432,11 +432,6 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
|
||||
* modified by inheritable ACEs. This flag is available since Win2K. */
|
||||
if (wincap.has_dacl_protect ())
|
||||
sd.Control |= SE_DACL_PROTECTED;
|
||||
|
||||
/* Create owner for local security descriptor. */
|
||||
if (!SetSecurityDescriptorOwner (&sd, owner_sid, FALSE))
|
||||
{
|
||||
|
Reference in New Issue
Block a user