ACE[1] exists only to supply a default ACE to newly created child
objects of C:\Program Files.
We have now looked at ACE[0] and ACE[1] of the C:\Program Files security
descriptor DACL. We could go through the same exercise with ACEs 2–8 but now that
you understand how the access mask and inheritance work, let's skip past that for now
and look at the AccessCheck function. This will be the final architectural-level concept
you need to understand before we can start talking about the fun stuff.
The Access Check
This section will not offer complete, exhaustive detail about the Windows AccessCheck
function. In fact, we will deliberately leave out details that will be good for you to know
eventually, but not critical for you to understand right now. If you're reading along and
you already know about how the AccessCheck function works and find that we're being
misleading about it, just keep reading and we'll peel back another layer of the onion
later in the chapter. We're anxious right now to get to attacks, so we will be giving only the
minimum detail needed.
The core function of the Windows access control model is handling a request for a certain
access right by comparing the access token of the requesting process against the
protections provided by the security descriptor of the object requested.
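A simplified model of that comparison, added here as an illustration (it is not code from the book and not the Windows implementation): it walks the DACL in order, skips inherit-only ACEs such as ACE[1] above, and stops at the first matching deny or once every requested right has been granted. The SIDs, DACL and tokens are constructed for the example, and owner rights, privileges, integrity levels and restricted tokens are left out.

```python
from dataclasses import dataclass

# Constant values are the real Windows ones; the DACL and tokens are constructed.
INHERIT_ONLY_ACE = 0x08
FILE_WRITE_DATA = 0x000002
FILE_READ_EXECUTE = 0x1200A9   # FILE_GENERIC_READ | FILE_GENERIC_EXECUTE
FILE_ALL_ACCESS = 0x1F01FF
ADMINS, USERS, CREATOR_OWNER = "S-1-5-32-544", "S-1-5-32-545", "S-1-3-0"

@dataclass
class Ace:
    allow: bool   # True = access-allowed ACE, False = access-denied ACE
    flags: int    # inheritance flags
    mask: int     # access mask
    sid: str      # principal the ACE applies to

def access_check(token_sids, dacl, desired):
    """Return (granted, index of the deciding ACE or None)."""
    remaining = desired
    for i, ace in enumerate(dacl):
        if ace.flags & INHERIT_ONLY_ACE:
            continue                 # template for child objects only
        if ace.sid not in token_sids:
            continue                 # ACE names a principal not in the token
        if not ace.allow:
            if ace.mask & remaining:
                return False, i      # a still-needed right is explicitly denied
        else:
            remaining &= ~ace.mask   # these rights are now granted
            if remaining == 0:
                return True, i
    return False, None               # end of DACL: ungranted rights are denied

# Constructed DACL, loosely shaped like a protected directory's
SAMPLE_DACL = [
    Ace(True, 0x00, FILE_ALL_ACCESS, ADMINS),
    Ace(True, 0x0B, FILE_ALL_ACCESS, CREATOR_OWNER),  # OI|CI|IO: inherit-only
    Ace(True, 0x00, FILE_READ_EXECUTE, USERS),
]
USER_TOKEN = {"S-1-5-21-1111-2222-3333-1001", USERS}  # constructed user SID
ADMIN_TOKEN = USER_TOKEN | {ADMINS}

if __name__ == "__main__":
    for name, tok in (("user", USER_TOKEN), ("admin", ADMIN_TOKEN)):
        print(name, "write:", access_check(tok, SAMPLE_DACL, FILE_WRITE_DATA))
```

Because evaluation stops at the first deciding ACE, the same entries in a different order can produce a different result, which is why ACE order matters when reviewing a DACL.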