CHAPTER 15 SECURING WINDOWS OBJECTS
files, it is also possible to use Windows Explorer to examine and manage some
security attributes of NTFS objects.
Nearly any object created with a system call has a security attributes parameter.
Therefore, programs can secure files, processes, threads, events, semaphores, named
pipes, and so on. The first step is to include a security attributes structure in the
call. Until now, our programs have always passed a null pointer for this parameter or
have used the structure simply to create inheritable handles (Chapter 6). In order to
implement security, the important element of the structure is the pointer to a
security descriptor, which identifies the object's owner and determines which users
are allowed or denied various rights.
An individual process is identified by its access token, which specifies the owning
user and group membership. When a process attempts to access an object, the
Windows kernel can determine the process's identity using the token and can then
decide from the information in the security descriptor whether or not the process
has the required rights to access the object.
The security attributes structure was introduced in Chapter 6; for review, here is
the complete structure definition:
The length member should be set to the size of the structure in bytes. The
inheritance member indicates whether or not the handle is inheritable by other
processes.
The next section describes the security descriptor components.
Security Overview: The Security Descriptor
Analyzing the security descriptor gives a good overview of the essential Windows
security elements. This section names the various elements and the functions that
manage them, starting with the security descriptor structure itself.
A security descriptor is initialized with its own initialization function, and it
contains the following:
• The owner security identifier (SID) (described in the next section, which deals
with the object's owner)
• The group SID
• A discretionary access control list (DACL), a list of entries explicitly granting
and denying access rights. The term "ACL" without the "D" prefix will refer to
DACLs in our
• A system ACL (SACL), sometimes called an audit access ACL
associate SIDs with security descriptors, as described in the upcoming Security
ACLs are initialized using their own initialization function and are then attached
to a security descriptor with a separate function call.
Security descriptors are classified as either absolute or self-relative. This
distinction is ignored for now but is explained later in the chapter. Figure 15–1
shows the security descriptor and its components.
Figure 15–1 Constructing a Security Descriptor
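The following is an added example, not code from the book, showing the same components from an administrator's console. It uses PowerShell with the .NET System.Security.AccessControl classes, which are the managed counterparts of the C security descriptor and ACL functions this chapter names: the token's user SID becomes the owner, a protected DACL is built from explicit allow and deny entries, an audit entry is placed in the SACL, and the descriptor is read back as its parts and as an SDDL string. The temporary directory path, the principals used (BUILTIN\Administrators, BUILTIN\Guests, Everyone) and the rights granted are assumptions made for the illustration; the SACL step needs an elevated session because writing a SACL requires SeSecurityPrivilege.

```powershell
# Added example, not from the book: build a security descriptor for a new
# directory and inspect its owner, group, DACL and (optionally) SACL.
# Windows only. Path and principals below are chosen for the illustration.

# The process's identity comes from its access token: user SID plus group SIDs.
$token = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$meSid = $token.User
'Token user: {0} ({1}); {2} group SIDs' -f $token.Name, $meSid.Value, $token.Groups.Count

# DirectorySecurity is the managed form of a security descriptor.
$sd = [System.Security.AccessControl.DirectorySecurity]::new()

# Owner SID: the creating user. (Assigning another SID needs SeTakeOwnershipPrivilege.)
$sd.SetOwner($meSid)

# DACL: protect it so entries inherited from the parent are dropped; only the
# entries added below will apply, so an entry for administrators is kept on purpose.
$sd.SetAccessRuleProtection($true, $false)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# Allow ACEs.
$sd.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
    $meSid, 'FullControl', $inherit, $prop, 'Allow'))
$sd.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
    'BUILTIN\Administrators', 'FullControl', $inherit, $prop, 'Allow'))

# Deny ACE: guests may not write or delete. The access check evaluates deny
# entries before allow entries, so this wins over any allow a guest also matches.
$sd.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
    'BUILTIN\Guests', 'Write, Delete', $inherit, $prop, 'Deny'))

# Create the object and attach the descriptor. At the Win32 level the descriptor
# travels in the security attributes parameter of the create call; New-Item has
# no such parameter, so here it is applied immediately after creation.
$path = Join-Path $env:TEMP ('secdemo_' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $path | Out-Null
Set-Acl -Path $path -AclObject $sd

# SACL (audit ACL): record failed delete attempts by anyone. Writing the SACL
# needs SeSecurityPrivilege, so this step succeeds only in an elevated session.
$audit = [System.Security.AccessControl.DirectorySecurity]::new()
$audit.AddAuditRule([System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone', 'Delete', 'Failure'))
try   { Set-Acl -Path $path -AclObject $audit -ErrorAction Stop; $saclSet = $true }
catch { $saclSet = $false; Write-Warning "SACL not applied (run elevated): $($_.Exception.Message)" }

# Read the descriptor back and show its components.
$acl = Get-Acl -Path $path
'Owner : ' + $acl.GetOwner([System.Security.Principal.NTAccount])
'Group : ' + $acl.GetGroup([System.Security.Principal.NTAccount])
'DACL  :'
$acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize |
    Out-String
if ($saclSet) {
    'SACL  :'
    (Get-Acl -Path $path -Audit).GetAuditRules($true, $true, [System.Security.Principal.NTAccount]) |
        Format-Table IdentityReference, AuditFlags, FileSystemRights -AutoSize | Out-String
}
# SDDL form of the same descriptor: O: owner, G: group, D:P... protected DACL, S: SACL.
'SDDL  : ' + $acl.Sddl

# Check: the owner recorded in the descriptor is the SID from the access token.
if ($acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value -ne $meSid.Value) {
    throw 'owner in descriptor does not match the access token'
}

Remove-Item -Path $path -Recurse -Force
```

The SDDL string printed at the end is the same descriptor the C functions in this chapter build piece by piece: the owner and group SIDs, then the DACL with its deny entry listed ahead of the allow entries, then the SACL when one was written. Dropping inherited entries with SetAccessRuleProtection is the step most likely to lock out a service or administrator, which is why the example adds an explicit entry for BUILTIN\Administrators rather than relying on inheritance.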