Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-28 10:04:49 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:SE] HACK: Temporarily add the Local group SID to the system token

Browse source 
Temporarily add the local group to the system token so that Virtualbox
GA services can properly set up network drives for shared folders.

What happens is that a security descriptor has a DACL with only one ACE
that grants access to Local SID (presumably coming from Vbox?)
but the client token is that of the service which is a SYSTEM token.
Perhaps we are not impersonating the right user or whatever else.

This is only a temporary placebo, until a proper solution is found.

CORE-18250
This commit is contained in:
George Bișoc 2023-10-01 14:01:22 +02:00
parent fefb1b7745
commit 09bfd96f3b
No known key found for this signature in database
GPG key ID: 688C4FBE25D7DEF6
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ntoskrnl/se/token.c
View file

@ -1784,12 +1784,14 @@ SepCreateSystemProcessToken(VOID)
{
{SeAliasAdminsSid, OwnerAttributes},
{SeWorldSid, GroupAttributes},
{SeAuthenticatedUsersSid, GroupAttributes}
{SeAuthenticatedUsersSid, GroupAttributes},
{SeLocalSid, SE_GROUP_ENABLED} // HACK: Temporarily add the local group. See CORE-18250.
};
GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
SeLengthSid(Groups[0].Sid) +
SeLengthSid(Groups[1].Sid) +
SeLengthSid(Groups[2].Sid);
SeLengthSid(Groups[2].Sid) +
SeLengthSid(Groups[3].Sid); // HACK
ASSERT(GroupsLength <= (sizeof(Groups) * sizeof(ULONG)));
/* Setup the privileges */