The branch, master has been updated
via 50e0060 Add a comment about why we are removing the INHERITED bit
so people understand.
from 5e91957 BUG 9758: Don't leak the epm_Map policy handle.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 50e0060091e008ad93fcfbb68cbbb81da5dec067
Author: Richard Sharpe <realrichardsha...@gmail.com>
Date: Tue Apr 2 06:48:03 2013 -0700
Add a comment about why we are removing the INHERITED bit so people
understand.
Signed-off-by: Richard Sharpe <realrichardsha...@gmail.com>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
libcli/security/secdesc.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index a7e9900..8570334 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -614,6 +614,15 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
if (!container) {
new_flags = 0;
} else {
+ /*
+ * We need to remove SEC_ACE_FLAG_INHERITED_ACE here
+ * if present because it should only be set if the
+ * parent has the AUTO_INHERITED bit set in the
+ * type/control field. If we don't it will slip through
+ * and create DACLs with incorrectly ordered ACEs
+ * when there are CREATOR_OWNER or CREATOR_GROUP
+ * ACEs.
+ */
new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY
| SEC_ACE_FLAG_INHERITED_ACE);
--
Samba Shared Repository
