CreateSafeDirectory: Set "AI" flag on DACL.

Normally created directories have "AI" (SE_DACL_AUTO_INHERITED) set, but we weren't setting it on the protected directory's custom DACL.

Only ACLs from Windows NT 4.0 and earlier (which didn't support autoinheritance) are supposed to have the flag unset.
Jordan Russell 1 year ago
parent
commit
4e710a15b2
1 changed file with 4 additions and 2 deletions
+ 4 - 2
Projects/Src/InstFunc.pas

@@ -195,8 +195,10 @@ begin
   if IsUnderWindowsTemp or IsLocalTempToProtect then begin
     var StringSecurityDescriptor :=
       // D: adds a Discretionary ACL ("DACL", i.e. access control via SIDs)
-      // P: prevents DACL from being modified by inherited ACLs
-      'D:P';
+      // P: prevents DACL from being modified by inheritable ACEs
+      // AI: says automatic propagation of inheritable ACEs to child objects
+      //     is supported; always supposed to be set on Windows 2000+ ACLs
+      'D:PAI';
     var CurrentUserSid := GetCurrentUserSid;
     if CurrentUserSid = '' then
       CurrentUserSid := 'OW'; // OW: owner rights
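
Review bot: the new comment on the 'D:PAI' line describes AI only as "says automatic propagation ... is supported", which leaves open how it interacts with P on the same descriptor. Suggest naming the control bits in the comment (the commit message already gives SE_DACL_AUTO_INHERITED for AI; P corresponds to SE_DACL_PROTECTED) and stating that P still blocks inheritable ACEs from the parent, so adding AI does not widen access to the protected directory. Nothing visible in this hunk checks the result; a test that reads the control flags back from a directory created through this branch (IsUnderWindowsTemp or IsLocalTempToProtect) and confirms both bits are set would catch a regression in the string.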