Dmitry Timoshkov <dmitry(a)baikal.ru> writes:
@@ -482,6 +482,17 @@ struct object *get_handle_obj( struct process *process, obj_handle_t handle,
 set_error( STATUS_OBJECT_TYPE_MISMATCH ); /* not the right type */
 return NULL;
 }
+ if (access & (READ_CONTROL | WRITE_DAC))
+ {
+ const struct security_descriptor *sd = obj->ops->get_sd( obj );
+ if (sd)
+ {
+ struct token *token = current->token ? current->token : current->process->token;
+ const SID *owner = sd_get_owner( sd );
+ if (token_sid_present( token, owner, FALSE ))
+ access &= ~(READ_CONTROL | WRITE_DAC);
+ }
+ }
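Review bot: `owner` is passed to `token_sid_present` without a null check in the added block. If `sd_get_owner` can return NULL for a descriptor that carries no owner SID (its definition is not visible here), the SID comparison would run on a null pointer, so `if (owner && token_sid_present( token, owner, FALSE ))` is the safer form. The block also clears READ_CONTROL and WRITE_DAC from the requested mask purely on an owner match, and nothing in the hunk shows whether an owner-rights entry in the object's DACL is taken into account. A short comment such as `/* the owner implicitly holds READ_CONTROL and WRITE_DAC, so do not require them from the handle */` would make that intent and its limits explicit. get_handle_obj continues past the end of the quoted hunk, so how the reduced mask is used afterwards cannot be confirmed from here.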
That seems very ad-hoc. It would need more convincing tests. -- Alexandre Julliard julliard(a)winehq.org