07-09
19

NTFS Documents (11)

Fine Happy

Authoreric   Category Related Resource   Comments0   Post Time 2007-09-19 06:01:44 -0400

Table 2.8. Layout of the $SECURITY_DESCRIPTOR (0x50) attribute

 Component  Description 
 Header   Offsets to various structure
 Audit ACLACE SID  ACEs for the Audit ACL
 Permissions ACL ACE SID ACEs for the Permissions ACL
  ACE SID 
  ACE SID 
 SID (User)   The owner of this object
 SID (Group)   

The security descriptor is necessary to prevent unauthorized access to files. It stores information about:
  The owner of the file
  Permissions the owner has granted to other users
  What actions should be logged (auditing)

6.2. Layout of the Attribute
6.2.1. Notes
6.2.1.1. Size
As defined in $AttrDef, this attribute has a no minimum or maximum size.

6.3. Layout of the stream
6.3.1. Questions
  How are the ACEs of directories inherited?
  How can we fit the ACEs into a normal looking UNIX file system?
  How can we tie the file permissions into PAM or SMB?
  Can we use NT authentication, somehow?

6.3.2. To Do
  Decide which Standard, and Specific, Rights relate to which file system activities, e.g. FILE_APPEND_DATA will allow a user to extend a file, but not create one.
  Experiment to see if the zeros we see are padding and that the flag-like fields are flags.
  Experiment with the Generic Read / Write / Execute / All flags.

6.3.3. Header
Table 2.9. Layout of the $SECURITY_DESCRIPTOR (0x50) attribute header
 Offset Size Description
 0x00 1 Revision (a)
 0x01 1 Padding
 0x02 2 Control Flags (b)
 0x04 4 Offset to User SID
 0x08 4 Offset to Group SID
 0x0C 4 Offset to SACL
 0x10 4 Offset to DACL

(a) 0x1 for now
(b) Usually 0x4 (DACL Present), or 0x14 (DACL Present + SACLPresent). See Flags below.
(c) This refers to the Auditing ACL
(d) This refers to the Permissions ACL

In NTFS 4, each file has a $SECURITY_DESCRIPTOR attribute. The most security descriptors are the same. Hence, check and read each file’s security descriptor is very inefficient. However, in the NTFS 5 import a new original data file $Secure. Simultaneity, add a new domain (Secure ID) in the $STANDARD_INFORMATION to an index of $Secure file. It has a data stream $SD, 2 indexes $SII and $SDH. Data stream is a copy of all the security descriptors in the volume. And the index is their across reference.

Trackback URL Trackback: http://blog.easeus.com/action.php?action=tb&id=49

Tags Tags: windows,NTFS,xp,ntfs

Comments List

Post a Comment

  • Name:
  • Email:
  • HomePage:
  • Comment:
  • Question:

Home | Contact Us | Partner | Blog | Forum | Links | Resource | Sitemap

Copyright © 2005-2008 CHENGDU YIWO Tech Development Co., Ltd. ALL RIGHTS RESERVED.

Privacy Policy | License | Legal Counsel