Re: kernel32: Set object security on process object in CreateProcess.

22 Feb 2007


      Vitaliy Margolen wrote:
...


/* set process security */
if (ret && psa && psa->lpSecurityDescriptor)
{
   NTSTATUS status;


   status = NtSetSecurityObject( info->hProcess, DACL_SECURITY_INFORMATION,


                                 psa->lpSecurityDescriptor );


   ret = status == STATUS_SUCCESS;


   if (!ret) SetLastError( RtlNtStatusToDosError( status ) );


}


It would be better to pass the security descriptor (or just the DACL if 
you would prefer) in the new_process call. You should be able to change 
the security structure validation functions to return the number of 
bytes used. Therefore, you should be able to put the security data 
before the other variable data in the new_process call.
Also, I think several tests in advapi32 should succeed after this patch 
is applied so you will need to patch that too.
-- 
Rob Shearman

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: kernel32: Set object security on process object in CreateProcess.