I am also looking at revising the handling of SACL information: 1) If the SACL is not going to be modified, the code should just leave it alone (do not specify SACL_SECURITY_INFORMATION)
2) If the SACL information IS going to modified / read, the code needs to acquire the SE_SECURITY_NAME privilege (and release it again ASAP) Note that failure to do one or both of these things will result in an error if SACL_SECURITY_INFORMATION is specified to Get/SetNamedSecurityInfo when a SACL is present. Files and folders report the error regarding necessary privileges, services report access denied, and I did not yet test registry keys. The scheduled information will also need to contain the fact that we are not interested in the SACL. Thanks, Thomas S. Trias Senior Developer Artizan Internet Services http://www.artizan.com/ -------- Original Message -------- Subject: Re: [WiX-devs] PermissionEx enhancements [ wix-Bugs-2127236 ] [ 2016138 ] From: Thomas S. Trias <[EMAIL PROTECTED]> To: Windows Installer XML toolset developer mailing list <[email protected]> Date: 11/12/2008 8:40 AM > A few thoughts on the PermissionEx enhancements: > > 1) With the addition of the inheritance semantics flags, the attribute > checking doesn't make as much sense; forcing one to use Traverse > instead of Execute on a CreateFolder element is a bit strange when > ApplyToFiles is selected. > > 2) Is it worthwhile to restrict the inheritance flags to containers? > > 3) The identity generation for the SecureObjects table doesn't handle > multiple entries of the same type (e.g. allow) for the same user on a > given target. Given the inheritance flags, this is actually a pretty > common scenario (think Read + Traverse Folder w/o File Execute). > > The first two are mostly niceties; I will go ahead and put in a fix > for #3. > > Thanks, > > Thomas S. Trias > Senior Developer > Artizan Internet Services > http://www.artizan.com/ > > > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ WiX-devs mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wix-devs
