On Sat, Oct 29, 2016 at 11:21:37AM +0200, Jean-Pierre André wrote: > Hi again, > > Eric Biggers wrote: > > Hi Jean-Pierre, > > > > Sorry for the late response. > > No problem. I also did not do much about it. > > The intent of ntfs_valid_descr() was to guard against > processing security descriptors with invalid or unknown > features, but your need is to check whether a descriptor > is valid for Windows. The purpose of ntfs-3g is to map > Unix concepts to an ntfs file system, which is somehow > different from emulating the Windows behavior (a moving > target, Windows 8 and Windows 10 brought significant > changes). > > The translations of Windows ACLs to Posix ones rely on > heuristics which will be defeated if the ACEs are not > as expected. > > Maybe having two variants of ntfs_valid_descr() would > be the way to go, as you do not need translations, > inheritance, etc. > > Jean-Pierre
Maybe. I suppose that would mean callers would be updated to specify whether they want the stricter validation or not, and ntfs_get_ntfs_acl() and ntfs_set_ntfs_acl() wouldn't require the stricter validation? Would the stricter validation apply to the SACL as well as the DACL? It seems that it shouldn't, i.e. having entries in the SACL, such as system audit entries or integrity labels or whatever, shouldn't prevent NTFS-3G from attempting to map the DACL to UNIX permissions. Eric ------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ ntfs-3g-devel mailing list ntfs-3g-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
