What Is a Security Descriptor?
A security descriptor is a data structure containing the security information associated with a protected object. It includes information about who owns the object, how the object can be accessed, and which types of access are audited.
- Security descriptor contains discretionary
- Security descriptor
- File and folder permissions can be edited using a variety of tools, including Windows Explorer,
```c
typedef struct _SECURITY_DESCRIPTOR {
    UCHAR Revision;
    UCHAR Sbz1;
    SECURITY_DESCRIPTOR_CONTROL Control; // control bits describing the descriptor itself
    PSID Owner; // Owner SID (security identifier): like a UUID, it identifies a user, user group or computer account
    PSID Group; // Group SID (security identifier), likewise comparable to a UUID
    PACL Sacl;  // System Access Control List: lists which access attempts (read, write, execute, etc.) on the object are audited
    PACL Dacl;  // Discretionary Access Control List: the entries that allow or deny access to a user or user group.
                // If an object does not have a DACL, the object is accessible to anyone.
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

typedef struct _ACL {
    BYTE AclRevision;
    BYTE Sbz1;
    WORD AclSize;
    WORD AceCount;
    WORD Sbz2;
} ACL, *PACL;
```
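The structure above is the absolute form, whose fields are pointers; a descriptor held in one contiguous buffer uses the self-relative form, where the same fields are byte offsets. As an added example (not code from the original page), this portable C parser reads that form and reports the case the Dacl comment describes: no DACL, so everyone has access. The function name, the enum and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SE_DACL_PRESENT  0x0004u  /* control bit: the Dacl field is meaningful */
#define SE_SELF_RELATIVE 0x8000u  /* control bit: fields are offsets, not pointers */

enum dacl_state { SD_INVALID = -1, DACL_NULL, DACL_EMPTY, DACL_HAS_ACES };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Self-relative header (20 bytes, little-endian): Revision, Sbz1, Control(2),
 * OffsetOwner(4), OffsetGroup(4), OffsetSacl(4), OffsetDacl(4).
 * *ace_count receives AceCount from the 8-byte ACL header when a DACL exists. */
enum dacl_state classify_dacl(const uint8_t *sd, size_t len, unsigned *ace_count)
{
    *ace_count = 0;
    if (len < 20 || sd[0] != 1) return SD_INVALID;         /* Revision must be 1 */
    uint16_t control = rd16(sd + 2);
    if (!(control & SE_SELF_RELATIVE)) return SD_INVALID;  /* absolute form holds pointers */
    uint32_t off = rd32(sd + 16);
    if (!(control & SE_DACL_PRESENT) || off == 0)
        return DACL_NULL;                                  /* no DACL: accessible to anyone */
    if (off < 20 || off > len || len - off < 8) return SD_INVALID;
    const uint8_t *acl = sd + off;      /* AclRevision, Sbz1, AclSize, AceCount, Sbz2 */
    uint16_t acl_size = rd16(acl + 2);
    if (acl_size < 8 || acl_size > len - off) return SD_INVALID;
    *ace_count = rd16(acl + 4);
    return *ace_count ? DACL_HAS_ACES : DACL_EMPTY;        /* empty DACL grants nobody access */
}

/* Constructed samples; owner, group and SACL offsets are left at 0. */
const uint8_t SD_NULL_DACL[20]  = { 1, 0, 0x04, 0x80 };   /* present bit set, offset 0 */
const uint8_t SD_EMPTY_DACL[28] = { 1, 0, 0x04, 0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 20,0,0,0,
                                    2, 0, 8,0, 0,0, 0,0 }; /* ACL: size 8, no ACEs */
const uint8_t SD_ONE_ACE[48]    = { 1, 0, 0x04, 0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 20,0,0,0,
                                    2, 0, 28,0, 1,0, 0,0,  /* ACL: size 28, one ACE */
                                    0, 0, 20,0, 0,0,0,0x80, /* allow ACE, mask GENERIC_READ */
                                    1, 1, 0,0,0,0,0,1, 0,0,0,0 }; /* SID S-1-1-0 (Everyone) */

int main(void)
{
    unsigned n;
    printf("null DACL  -> %d\n", classify_dacl(SD_NULL_DACL, sizeof SD_NULL_DACL, &n));
    printf("empty DACL -> %d\n", classify_dacl(SD_EMPTY_DACL, sizeof SD_EMPTY_DACL, &n));
    printf("one ACE    -> %d\n", classify_dacl(SD_ONE_ACE, sizeof SD_ONE_ACE, &n));
    return 0;
}
```

A result of `DACL_NULL` is the finding to flag in a permissions review; `DACL_EMPTY` is the opposite case, where the DACL exists but grants no access.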
- The Windows API provides functions to get or modify the security settings on an object, for example GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo and SetSecurityInfo.
- Low-level security descriptor functions:
- For files, directories, mailslots and named pipes, use the dedicated GetFileSecurity and SetFileSecurity functions to get or set the SD of the file object and so control its access permissions.
- For processes, threads, access tokens, file mapping objects, semaphores, events, mutexes and waitable timers, use the GetKernelObjectSecurity and SetKernelObjectSecurity functions.
- For window stations and desktops, use the GetUserObjectSecurity and SetUserObjectSecurity functions.
- For registry keys, use the RegGetKeySecurity and RegSetKeySecurity functions.
- For Windows service objects, use the QueryServiceObjectSecurity and SetServiceObjectSecurity functions.
- For printer objects, use the PRINTER_INFO_2 structure parameter of the GetPrinter and SetPrinter functions.
- For network shares, use information level 502 of NetShareGetInfo and NetShareSetInfo.
- For private objects created by the process, use the CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, GetPrivateObjectSecurity and SetPrivateObjectSecurity functions [2].