From 5c3887a3ebe7ea024d60e986e1c52dc7d891b573 Mon Sep 17 00:00:00 2001 From: midipix Date: Oct 12 2018 17:59:03 +0000 Subject: __ntapi_acl_init_common_descriptor(): disallow inheritance of parent ACEs. --- diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c index 024dbd4..6940f90 100644 --- a/src/acl/ntapi_acl_helper.c +++ b/src/acl/ntapi_acl_helper.c @@ -63,7 +63,7 @@ void __stdcall __ntapi_acl_init_common_descriptor( /* sd header */ sd->sd.revision = 1; sd->sd.sbz_1st = 0; - sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT; + sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT | NT_SE_DACL_PROTECTED; sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner); sd->sd.offset_group = 0; sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);