After start up I'd like my Linux program to drop root privileges and switch to a non-privileged account. I've found various examples online but nothing canonical for my requirements, specifically:
this is a permanent drop
both (e)uid and (e)gid should switch to non-root
only Linux support (kernel > 2.6.32)
no need for supplemental groups
The best approach I've found is:
uid_t new_uid = ...;
gid_t new_gid = ...;
gid_t rgid, egid, sgid;
if (setresgid(new_gid, new_gid, new_gid) < 0)
{
perror("setresgid");
exit(EXIT_FAILURE);
}
if (getresgid(&rgid, &egid, &sgid) < 0)
{
perror("getresgid");
exit(EXIT_FAILURE);
}
if (rgid != new_gid || egid != new_gid || sgid != new_gid)
{
printf("unexpected gid");
exit(EXIT_FAILURE);
}
if (setgroups(0, 0) != 0)
{
perror("setgroups");
exit(EXIT_FAILURE);
}
uid_t ruid, euid, suid;
if (setresuid(new_uid, new_uid, new_uid) < 0)
{
perror("setresuid");
exit(EXIT_FAILURE);
}
if (getresuid(&ruid, &euid, &suid) < 0)
{
perror("getresuid");
exit(EXIT_FAILURE);
}
if (ruid != new_uid || euid != new_uid || suid != new_uid)
{
printf("unexpected uid");
exit(EXIT_FAILURE);
}
I can wrap this in an exe and demonstrate that the uid's and gid's appear correct using:
ps -eO user,uid,ruid,suid,group,gid,rgid,sgid
The program can't bind to a privileged port or manipulate most root-owned files, so that's all good.
I've also found the captest program (included in libcap-ng-utils) which verifies that the process does not have any unexpected capabilities(7).
However, since security is a concern I'd like to be more confident that I've dropped all non-essential privileges correctly. How can I be certain?
Thanks.
The "canonical" way to do this was implemented by D.J.Bernstein in his 'setuidgid' code, which was originally used into his QMail program, nowadays included in 'daemontools'.
The actual code used in GNU coreutils is based on DJB's description of the procedure, its code is visible here https://github.com/wertarbyte/coreutils/blob/master/src/setuidgid.c
Related
I work on an electron application, and we would like to support dragging and dropping .msg files from our app into Outlook (or the Windows shell, or wherever, but primarily Outlook). The files will not necessarily be available before the user starts the drag and drop operation, and will need to be downloaded once the user begins the drag and drop. This means we can't use electron's inbuilt startDrag as it requires that the files are already in the filesystem, so I have implemented a node c++ addon to handle it using the OLE Drag and Drop API.
The data extraction (from my app to Outlook) needs to occur asynchronously, otherwise node's event loop will be blocked, halting the download. This means that the data extraction has to occur on another thread so that the event loop can continue actually downloading the data (currently doing the download in c++ is not an option, it has to occur in node). So I have implemented IDataObjectAsyncCapability on my DataObject, to indicate that I support asynchronous data extraction (it would be even nicer to be able to indicate that I don't support synchronous), but Outlook won't even query for the Interface, let alone do the data extraction asynchronously. The Windows shell does however query for the interface, but after the call to GetData, it still performs the extraction synchronously inside DoDragDrop, without even invoking any of the IDataObjectAsyncCapability methods. Is there something lacking in my implementation, or a specific way to encourage the drop target to start up a new thread?
Here is the meat of my DataObject implementation, if there's anything else that could be of use, I can provide.
STDMETHODIMP DataObject::QueryInterface(REFIID iid, LPVOID* ppvObject) {
if (ppvObject == nullptr) {
return E_INVALIDARG;
} else if (iid == IID_IUnknown) {
AddRef();
*ppvObject = reinterpret_cast<LPUNKNOWN>(this);
return S_OK;
} else if (iid == IID_IDataObject) {
AddRef();
*ppvObject = reinterpret_cast<LPDATAOBJECT>(this);
return S_OK;
} else if (iid == IID_IDataObjectAsyncCapability) {
AddRef();
*ppvObject = reinterpret_cast<IDataObjectAsyncCapability*>(this);
return S_OK;
}
*ppvObject = nullptr;
return E_NOINTERFACE;
}
STDMETHODIMP DataObject::GetData(LPFORMATETC queryFormat,
LPSTGMEDIUM outputStorage) {
if (queryFormat->cfFormat == CF_FILEDESCRIPTOR &&
(queryFormat->tymed & TYMED_HGLOBAL) && queryFormat->lindex <= 0 &&
queryFormat->dwAspect == DVASPECT_CONTENT) {
outputStorage->tymed = TYMED_HGLOBAL;
outputStorage->pUnkForRelease = nullptr;
outputStorage->hGlobal =
lockAndDuplicateHGLOBAL(this->groupDescriptorStorage.hGlobal);
return S_OK;
} else if (queryFormat->cfFormat == CF_FILECONTENTS &&
(queryFormat->tymed & TYMED_ISTREAM) &&
queryFormat->dwAspect == DVASPECT_CONTENT &&
queryFormat->lindex >= 0 &&
queryFormat->lindex < this->files.size()) {
// files is vector<pair<FILEDESCRIPTOR, STGMEDIUM>>
// where the STGMEDIUM is set to IStream
// Am I doing something wrong here?
auto file = this->files[queryFormat->lindex].second;
*outputStorage = file;
return S_OK;
}
return DV_E_FORMATETC;
}
STDMETHODIMP DataObject::QueryGetData(LPFORMATETC queryFormat) {
if (queryFormat->cfFormat == CF_FILEDESCRIPTOR ||
(queryFormat->cfFormat == CF_FILECONTENTS &&
(queryFormat->tymed & TYMED_HGLOBAL))) {
return S_OK;
}
return DATA_E_FORMATETC;
}
STDMETHODIMP DataObject::EnumFormatEtc(DWORD dwDirection,
LPENUMFORMATETC* ppEnumFormatEtc) {
if (dwDirection == DATADIR_GET) {
// basic implementation of IEnumFormatEtc (not mine)
return EnumFormat::Create(this->supportedFormats, this->numFormats,
ppEnumFormatEtc);
}
return E_INVALIDARG;
}
// Do the actual drag drop
// files is a list of STGMEDIUMS with IStreams. I'm using data that's readily available while
// implementing this, could that be somehow interfering and causing this problem in the first place?
DWORD dwEffect;
auto dataObject = new DataObject(groupDescriptorStorage, files);
auto dropSource = new DropSource();
// Do these DROPEFFECTS have an effect?
auto result = DoDragDrop(dataObject, dropSource,
DROPEFFECT_COPY | DROPEFFECT_MOVE, &dwEffect);
// By the time we get here, the data extraction would already have occured
// because it's happening inside DoDragDrop. of course, isAsyncOperation will be false
BOOL isInAsyncOperation;
dataObject->InOperation(&isInAsyncOperation);
I've followed the instructions from here as well as various forum posts I've found, but I can't seem to find anything about what to do when the drop target doesn't play ball.
I'm really stuck for ideas as to how to make this work. If the drop target isn't even querying for IDataObjectAsyncCapability then is it hopeless? Should I be returning something other than the file contents when it's first requested?
I am trying to change unknown uid's and gid's on files that my rsync command would consider as source files before I execute my rsync command.
My rsync command includes an exclude file.
The reason that I need to do this is explained in my question here.
I have tried this find command:
find /cygdrive/f -uid 4294967295 -exec chown 544. '{}' + -o -gid 4294967295 -exec chown .197121 '{}' +
BUT, it does not handle the exclude file. By that I mean, the above find searches all of f drive for files matching the unknown uid/gid, then chowns them. My rsync looks at drive f and copies all of it except the files in exclude file. I do not want to chown any Win7 side files that rsync does not copy.
For instance, one of the ways Win7 protects some of its hidden/sys files is by setting their uid and gid to 4294967295 (eg c:\pagefil.sys and c:\hiberfil.sys). I have excluded both these files in the rsync exclude file AND I want to leave their Win7 side uid/gid alone. The find command would chown them.
I have also tried to parse an ls listing, which may work, but very slowly. Since I am only dealing with Win7 files I think an ls would be suitable for parsing.
Is there a better way to solve my problem before I work with the ls listing (or parse the find output) before chowning script?
Another, more precise way, but slow and requiring a more difficult script for me, would be to parse an rsync --dry-run ... listing to figure out which items need chowning.
EDIT 2015-12-13: Unfortunately the rsync --dry-run ... does not generate the warnings about impossible to set UID/GID 's during the dry run so that method is out.
BUT, I have found the source code for rsync and it looks to me that it would be pretty easy to modify it so that the UID/GID 's could be set to the UID and GID of the process running the rsync command if the bad UID/GID 's are found during a session.
Can anyone give me a summary of what tools I need to compile the rsync source code on a Win7 computer?
Here is rsync.c from the source code (search for 'impossible to set'):
int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
const char *fnamecmp, int flags)
{
int updated = 0;
stat_x sx2;
int change_uid, change_gid;
mode_t new_mode = file->mode;
int inherit;
if (!sxp) {
if (dry_run)
return 1;
if (link_stat(fname, &sx2.st, 0) < 0) {
rsyserr(FERROR_XFER, errno, "stat %s failed",
full_fname(fname));
return 0;
}
init_stat_x(&sx2);
sxp = &sx2;
inherit = !preserve_perms;
} else
inherit = !preserve_perms && file->flags & FLAG_DIR_CREATED;
if (inherit && S_ISDIR(new_mode) && sxp->st.st_mode & S_ISGID) {
/* We just created this directory and its setgid
* bit is on, so make sure it stays on. */
new_mode |= S_ISGID;
}
if (daemon_chmod_modes && !S_ISLNK(new_mode))
new_mode = tweak_mode(new_mode, daemon_chmod_modes);
#ifdef SUPPORT_ACLS
if (preserve_acls && !S_ISLNK(file->mode) && !ACL_READY(*sxp))
get_acl(fname, sxp);
#endif
change_uid = am_root && uid_ndx && sxp->st.st_uid != (uid_t)F_OWNER(file);
change_gid = gid_ndx && !(file->flags & FLAG_SKIP_GROUP)
&& sxp->st.st_gid != (gid_t)F_GROUP(file);
#ifndef CAN_CHOWN_SYMLINK
if (S_ISLNK(sxp->st.st_mode)) {
;
} else
#endif
if (change_uid || change_gid) {
if (DEBUG_GTE(OWN, 1)) {
if (change_uid) {
rprintf(FINFO,
"set uid of %s from %u to %u\n",
fname, (unsigned)sxp->st.st_uid, F_OWNER(file));
}
if (change_gid) {
rprintf(FINFO,
"set gid of %s from %u to %u\n",
fname, (unsigned)sxp->st.st_gid, F_GROUP(file));
}
}
if (am_root >= 0) {
uid_t uid = change_uid ? (uid_t)F_OWNER(file) : sxp->st.st_uid;
gid_t gid = change_gid ? (gid_t)F_GROUP(file) : sxp->st.st_gid;
if (do_lchown(fname, uid, gid) != 0) {
/* We shouldn't have attempted to change uid
* or gid unless have the privilege. */
rsyserr(FERROR_XFER, errno, "%s %s failed",
change_uid ? "chown" : "chgrp",
full_fname(fname));
goto cleanup;
}
if (uid == (uid_t)-1 && sxp->st.st_uid != (uid_t)-1)
rprintf(FERROR_XFER, "uid 4294967295 (-1) is impossible to set on %s\n", full_fname(fname));
if (gid == (gid_t)-1 && sxp->st.st_gid != (gid_t)-1)
rprintf(FERROR_XFER, "gid 4294967295 (-1) is impossible to set on %s\n", full_fname(fname));
/* A lchown had been done, so we need to re-stat if
* the destination had the setuid or setgid bits set
* (due to the side effect of the chown call). */
if (sxp->st.st_mode & (S_ISUID | S_ISGID)) {
link_stat(fname, &sxp->st,
keep_dirlinks && S_ISDIR(sxp->st.st_mode));
}
}
updated = 1;
}
#ifdef SUPPORT_XATTRS
if (am_root < 0)
set_stat_xattr(fname, file, new_mode);
if (preserve_xattrs && fnamecmp)
set_xattr(fname, file, fnamecmp, sxp);
#endif
if (!preserve_times
|| (!(preserve_times & PRESERVE_DIR_TIMES) && S_ISDIR(sxp->st.st_mode))
|| (!(preserve_times & PRESERVE_LINK_TIMES) && S_ISLNK(sxp->st.st_mode)))
flags |= ATTRS_SKIP_MTIME;
if (!(flags & ATTRS_SKIP_MTIME)
&& cmp_time(sxp->st.st_mtime, file->modtime) != 0) {
int ret = set_modtime(fname, file->modtime, F_MOD_NSEC(file), sxp->st.st_mode);
if (ret < 0) {
rsyserr(FERROR_XFER, errno, "failed to set times on %s",
full_fname(fname));
goto cleanup;
}
if (ret == 0) /* ret == 1 if symlink could not be set */
updated = 1;
else
file->flags |= FLAG_TIME_FAILED;
}
#ifdef SUPPORT_ACLS
/* It's OK to call set_acl() now, even for a dir, as the generator
* will enable owner-writability using chmod, if necessary.
*
* If set_acl() changes permission bits in the process of setting
* an access ACL, it changes sxp->st.st_mode so we know whether we
* need to chmod(). */
if (preserve_acls && !S_ISLNK(new_mode)) {
if (set_acl(fname, file, sxp, new_mode) > 0)
updated = 1;
}
#endif
#ifdef HAVE_CHMOD
if (!BITS_EQUAL(sxp->st.st_mode, new_mode, CHMOD_BITS)) {
int ret = am_root < 0 ? 0 : do_chmod(fname, new_mode);
if (ret < 0) {
rsyserr(FERROR_XFER, errno,
"failed to set permissions on %s",
full_fname(fname));
goto cleanup;
}
if (ret == 0) /* ret == 1 if symlink could not be set */
updated = 1;
}
#endif
if (INFO_GTE(NAME, 2) && flags & ATTRS_REPORT) {
if (updated)
rprintf(FCLIENT, "%s\n", fname);
else
rprintf(FCLIENT, "%s is uptodate\n", fname);
}
cleanup:
if (sxp == &sx2)
free_stat_x(&sx2);
return updated;
}
I have found two practical solutions that fix the base issue:
If both source and destination environments use rsync 3.1.0 or newer, there are new options available. In that case I could just add these options to my rsync command:
--usermap=4294967295:544 --groupmap=4294967295:197121
Thank-you Wayne Davison for directing me to these new options!
If you are stuck with an older rsync on your destination (as I am with my WD MyCloud), you can modify the rsync source code with cygwin as follows.
Make sure your cygwin is installed with gcc gcc-core perl make and quilt
Download the latest rsync source tar file at rsync site
I unzipped that to a folder in my ~ directory.
I downloaded Eclipse to use as an IDE but you could just modify the files with NotePad++ as follows:
In the main.c file I added an information line that you see every time you run rsync so you know you are using your personal rsync version. I am sure that there is also an appropriate way to set the version number to one of my own but I will let someone comment on how to do that. (all my lines end with /* dalek */):
starttime = time(NULL);
our_uid = MY_UID();
our_gid = MY_GID();
rprintf(FINFO,"rsync 3.1.1 with edits started by uid: %u gid: %u\n", our_uid, our_gid ); /* dalek */
Then, in flist.c, add my /* dalek */ lines as follows:
if (!preserve_uid || ((uid_t)F_OWNER(file) == uid && *lastname))
xflags |= XMIT_SAME_UID;
else {
uid = F_OWNER(file);
if (uid==4294967295){ /* dalek */
if (do_lchown(fname, our_uid, F_GROUP(file)) != 0) { /* dalek */
rprintf(FINFO, "COULD NOT CHANGE 4294967295 UID to %u on %s\n",our_uid,fname); /* dalek */
}else{ /* dalek */
uid=our_uid; /* dalek */
} /* dalek */
} /* dalek */
if (!numeric_ids) {
user_name = add_uid(uid);
if (inc_recurse && user_name)
xflags |= XMIT_USER_NAME_FOLLOWS;
}
}
if (!preserve_gid || ((gid_t)F_GROUP(file) == gid && *lastname))
xflags |= XMIT_SAME_GID;
else {
gid = F_GROUP(file);
if (gid==4294967295){ /* dalek */
if (do_lchown(fname, F_OWNER(file), our_gid) != 0) { /* dalek */
rprintf(FINFO, "COULD NOT CHANGE 4294967295 GID to %u on %s\n",our_gid,fname); /* dalek */
}else{ /* dalek */
gid=our_gid; /* dalek */
} /* dalek */
} /* dalek */
if (!numeric_ids) {
group_name = add_gid(gid);
if (inc_recurse && group_name)
xflags |= XMIT_GROUP_NAME_FOLLOWS;
}
}
Then in your recently added rsync source directory run ./configure.sh then run make then run make install. That is it! You should have a new rsync.exe file in .../usr/local/bin which will be run whenever you use rsync from now on since cygwin puts .../usr/local/bin ahead of .../bin in the PATH it uses. The original rsync is still in .../bin. To use the original, just move your modified rsync.exe out of .../usr/local/bin.
If you have spare space on your Win7 computer, try this:
rsync the files you want into a temporary location on the same computer. Because it is the same computer the UID/GID should set successfully.
In the copy do your find/chown script to set the UID/GID for all the files.
rsync the copy back to the original location (carefully!) The contents of the files should not have changed, so the only changes rsync should make will be to set the UID/GID.
Make sure you use -aHAX to do the copies, and do a dry-run before overwriting anything!
When I wrote path like this, I stat() was working.
char homePath[] = "../../usr/http/";
if(stat("usr/bin",&file_info) == -1)
{
strcat(sendMessage, path);
strcat(sendMessage, "\n\nHTTP/1.1 400 Not Found\n");
return 0;
}
but the below code is not working. stat() always returns -1.
I thought strcat is the problem. But when I check the merged path string, It seems ok. Please let me know how to fix it.
strcat(path, homePath);
strcat(path, target);
if(stat(path,&file_info) == -1)
{
strcat(sendMessage, path);
strcat(sendMessage, "\n\nHTTP/1.1 400 Not Found\n");
return 0;
}
The first character's of path might be unprintable. Use strcpy. Safer yet, use strncpy and strncat.
strncpy(path, homePath, sizeof(path));
strncat(path, target, sizeof(path) - strnlen(path, sizeof(path)));
Read the Linux man pages to see why the strn versions are preferred.
How do set homePath and target?
the formating looks fine: http://linux.die.net/man/2/stat
I'm writing a simple program to set and clear a pin (the purpose is to use that pin as a custom spi_CS).
I'm able to export that pin (gpio1_17, port 9 pin 23 bb white) and to use that trough the filesystem but I have to drive it faster.
This is the code:
uint32_t *gpio;
int fd = open("/dev/mem", O_RDWR|O_SYNC);
if (fd < 0){
fprintf(stderr, "Unable to open port\n\r");
exit(fd);
}
gpio =(uint32_t *) mmap(NULL, getpagesize(), PROT_READ|PROT_WRITE, MAP_SHARED, fd, GPIO1_offset); // start of GPIOA
if(gpio == (void *) -1) {
printf("Memory map failed.\n");
exit(0);
} else {
printf("Memory mapped at address %p.\n", gpio);
}
printf("\nGPIO_OE:%X\n",gpio[GPIO_OE/4]);
gpio[GPIO_OE/4]=USR1;
printf("\nGPIO_OE:%X\n",gpio[GPIO_OE/4]);
printf("\nGPIO_CLEARDATAOUT:%X\n",gpio[GPIO_CLEARDATAOUT/4]);
gpio[GPIO_CLEARDATAOUT/4]=USR1;
printf("\nGPIO_CLEARDATAOUT:%X\n",gpio[GPIO_CLEARDATAOUT/4]);
sleep(1);
printf("\nGPIO_SETDATAOUT%X\n",gpio[GPIO_SETDATAOUT/4]);
gpio[GPIO_DATAOUT/4]=USR1;
printf("\nGPIO_SETDATAOUT%X\n",gpio[GPIO_SETDATAOUT/4]);
with
#define GPIO1_offset 0x4804c000
#define GPIO1_size 0x4804cfff-GPIO1_offset
#define GPIO_OE 0x134
#define GPIO_SETDATAOUT 0x194
#define GPIO_CLEARDATAOUT 0x190
#define GPIO_DATAOUT 0x13C
#define USR1 1<<17
I'm able to outputenable that pin, beacuse if I put it high before running the program, that ping goes low. But I cannot set and reset it. Any ideas?
Why are you directly modifying the registers? It is way easier to just use it as a linux GPIO:
#define GPIO_1_17 "49"
int gpio;
status_codes stat = STATUS_SUCCESS;
//Export our GPIOs for use
if((gpio = open("/sys/class/gpio/export", O_WRONLY)) >= 0) {
write(gpio, GPIO_1_17, strlen(GPIO_1_17));
close(gpio);
} else {
stat = STATUS_GPIO_ACCESS_FAILURE;
break;
}
//Set the direction and pull low
if((gpio = open("/sys/class/gpio/gpio" GPIO_1_17 "/direction", O_WRONLY)) >= 0) {
write(gpio, "out", 3); // Set out direction
close(gpio);
} else {
stat = STATUS_GPIO_ACCESS_FAILURE;
break;
}
if((gpio = open("/sys/class/gpio/gpio" GPIO_1_17 "/value", O_WRONLY)) >= 0) {
write(gpio, "0", 1); // Pull low
close(gpio);
} else {
stat = STATUS_GPIO_ACCESS_FAILURE;
break;
}
Then just make sure it is muxed as a gpio in your inits.
As far as the mmap method you have above you addressing looks correct. The addresses in the ref manual are byte addresses and you are using a 32-bit pointer so what you have there is correct. However, this line: gpio[GPIO_OE/4]=USR1 makes every pin on GPIO1 an output except for 17 which it makes an input (0 = output and 1 = input). You probably meant this: gpio[GPIO_OE/4] &= ~USR1
Also i believe you meant to have gpio[GPIO_SETDATAOUT/4]=USR1; instead of gpio[GPIO_DATAOUT/4]=USR1; They will both cause GPIO1_17 to be set; however, using what you have will also set all the other pins on GPIO1 to be 0.
I would definitely recommend using the designed kernel interfaces because mmap'ing stuff that is also controlled by the kernel can be asking for trouble.
Good Luck! : )
EDIT: My bad just realized you said why you were not driving it directly through the file system because you needed to drive it faster! You may also want to consider writing/modifying the SPI driver so that the stuff is being done in Kernel land if speed is what your after. The omap gpio interfaces are simple to use there as well, just request and set : ).
My utility extracts ACL from a directory & adds it to another. My issue is this -
While iterating through ACEs, I found that for ACEs with AceFlags value = 0, inherit flags (Applied To) is "Folder, subfolders & directories". When I apply the same ACL to another directory, in Windows 7 it works fine. However, in Windows XP, the inherit flags changes to "Folder only". Here is the code -
BOOL SetNonInheritedAceToTarget(LPWSTR pszSource, LPWSTR pszDestination)
{
BOOL bRetVal = FALSE;
DWORD dwRes = 0;
PSECURITY_DESCRIPTOR pSD = NULL;
PACL pacl = NULL;
if( ERROR_SUCCESS == GetNamedSecurityInfo(pszSource, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pacl, NULL, &pSD) )
{
if(pacl)
{
for (USHORT i = 0; i < pacl->AceCount; i++)
{
ACCESS_DENIED_ACE * PACE = NULL;
if (!GetAce(pacl, i,(LPVOID*) &PACE))
continue;
if(PACE->Header.AceFlags & INHERIT_ONLY_ACE || PACE->Header.AceFlags & INHERITED_ACE)
{
// Delete the ACE
if(!DeleteAce(pacl, i))
{
TCHAR szErrorMsg[300] = {0};
wsprintf(szErrorMsg, L"Unable to delete ACE from DACL of = %ls", pszSource);
OutputDebugString(szErrorMsg);
}
}
}
}
}
if(ERROR_SUCCESS == SetNamedSecurityInfo(pszDestination, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION, NULL, NULL, pacl, NULL))
bRetVal = TRUE;
return bRetVal;
}
I don't know if I am messing up with the code or is it really OS related issue. Help!!!. Again, if it is OS related issue, what do recommend, should I assign AceFlag manually?
--
Varun
Yes, ACE have changed with the arrival of Vista, mainly because of the integration of Integrity Level - previously called Integrity Control (IL). You must manually take care of these when your code must run on Windows 7 AND XP.
Oh... Silly me. I was checking INHERIT_ONLY_ACE to see it the ACE is inhereted... Any ways, as Mox pointed out, with vista (and above), new ACEs have been added to enhance integrity check in windows based objects. However, this does not change the way ACEs are interpreted. My code is fine, I was just checking an extra flag.
Thanks Mox for educating me.
--
Varun