[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: ACLs null on NT



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Read  "19 Deadly Sins of Software Security", chapter 12 is on this auth
issue. It is written for a Unix person, to understand also having to
address NT ACLs.

Get the Platform SDK (now called the Windows SDK). Grep through the
samples for SECURITY_DECRIPTOR, among other things. There are a few
simple samples that setup an ACL for a handle.

Read "Secure Programming Cookbook", chapter 2 (access control), 2
patterns, 1 for Unix, 1 for NT.

Again, this is just untested observation. I am _not_ sitting here in a
debugger on an NT box, reading all of your Tor data.... :-)

Please put "strong Windows skills" on the RFP for the students!

Lee

> Hi, Lee!  This looks like good research.  There's one big problem,
> though: our windows skills are weak.  We'll either need a patch for
> this stuff, or more specific instructions about what exactly to do, or
> this could take a very long time to fix.

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkTZJkAACgkQw3D+nSm51yhzpwCgtBB+NuGd5JRBGiBjz7JJv9EI
0o4AnjtPf7Dw0lzPGz7UoI1IJwtZPjET
=zmc/
-----END PGP SIGNATURE-----