ACE Inheritance
ACE[1] also applies to the Users group but it controls inheritance. The word "inheritance"
here means that new subdirectories under C:\Program Files will have a DACL
containing an ACE granting the described access to the Users group. Referring back to
the security descriptor in Figure 16-4, we see that the access granted will be
0xA0000000 (0x20000000 + 0x80000000).
• 0x20000000 = GENERIC_EXECUTE (Equivalent of FILE_TRAVERSE,
FILE_READ_ATTRIBUTES, READ_CONTROL, and SYNCHRONIZE)
• 0x80000000 = GENERIC_READ (Equivalent of FILE_LIST_DIRECTORY,
FILE_READ_EA, FILE_READ_ATTRIBUTES, READ_CONTROL, and SYNCHRONIZE)
Gray Hat Hacking: The Ethical Hacker's Handbook
Figure 16-6 Windows DACL representation
So it appears that newly created subdirectories of C:\Program Files by default will
have an ACE granting the same access to the Users group that C:\Program Files itself has.
The final interesting portion of ACE[1] is the inheritance flags. In this case, the inheritance
flags are OICIIO. These flags are explained in Table 16-1.
Now, after having deciphered all of ACE[1], we see that the last two letters (IO) in this
representation of the ACE mean that the ACE is not at all relevant to the C:\Program
Files directory itself.
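
The decoding walked through above, as an added example that is not from the book: it expands the generic bits of ACE[1]'s mask into the directory-specific rights listed earlier and reports what the OICIIO flags mean for scope. The function names are hypothetical; the constant values are those defined in winnt.h, and "NP" is the SDDL abbreviation for the no-propagate flag.

```python
# Added example: decode a directory ACE's access mask and inheritance flags.
READ_CONTROL, SYNCHRONIZE = 0x00020000, 0x00100000
FILE_LIST_DIRECTORY, FILE_READ_EA = 0x0001, 0x0008
FILE_TRAVERSE, FILE_READ_ATTRIBUTES = 0x0020, 0x0080
GENERIC_READ, GENERIC_EXECUTE = 0x80000000, 0x20000000

SPECIFIC_NAMES = {
    FILE_LIST_DIRECTORY: "FILE_LIST_DIRECTORY", FILE_READ_EA: "FILE_READ_EA",
    FILE_TRAVERSE: "FILE_TRAVERSE", FILE_READ_ATTRIBUTES: "FILE_READ_ATTRIBUTES",
    READ_CONTROL: "READ_CONTROL", SYNCHRONIZE: "SYNCHRONIZE",
}
# Generic-to-specific mapping for directories, as listed in the text above.
GENERIC_MAP = {
    GENERIC_READ: FILE_LIST_DIRECTORY | FILE_READ_EA | FILE_READ_ATTRIBUTES
                  | READ_CONTROL | SYNCHRONIZE,
    GENERIC_EXECUTE: FILE_TRAVERSE | FILE_READ_ATTRIBUTES
                     | READ_CONTROL | SYNCHRONIZE,
}
# ACE header inheritance bits, keyed by their two-letter abbreviations.
INHERIT_FLAGS = {"OI": 0x01, "CI": 0x02, "NP": 0x04, "IO": 0x08}

def expand_mask(mask):
    """Return (specific_mask, sorted right names) for a directory ACE mask."""
    unsupported = mask & 0x50000000  # GENERIC_WRITE / GENERIC_ALL not mapped here
    if unsupported:
        raise ValueError(f"generic bits not handled: {unsupported:#010x}")
    specific = mask & 0x0FFFFFFF     # keep any non-generic bits already set
    for generic, mapped in GENERIC_MAP.items():
        if mask & generic:
            specific |= mapped
    names = sorted(n for bit, n in SPECIFIC_NAMES.items() if specific & bit)
    return specific, names

def ace_scope(flag_text):
    """Translate a flag string such as 'OICIIO' into where the ACE applies."""
    if len(flag_text) % 2:
        raise ValueError("flags must be two-letter tokens")
    flags = 0
    for i in range(0, len(flag_text), 2):
        token = flag_text[i:i + 2]
        if token not in INHERIT_FLAGS:
            raise ValueError(f"unknown inheritance flag: {token}")
        flags |= INHERIT_FLAGS[token]
    return {
        "this_directory": not flags & INHERIT_FLAGS["IO"],  # IO: inherit only
        "subdirectories": bool(flags & INHERIT_FLAGS["CI"]),
        "files": bool(flags & INHERIT_FLAGS["OI"]),
        "no_propagate": bool(flags & INHERIT_FLAGS["NP"]),
    }
```

For ACE[1], `expand_mask(0xA0000000)` and `ace_scope("OICIIO")` together show an ACE that grants read and traverse rights to child objects while having no effect on C:\Program Files itself.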