Can I query for security descriptor using FltQuerySecurityObject() for all security info

Can I call FltQuerySecurityObject() to get security descriptor for all OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION, DACL_SECURITY_INFORMATION, ACL_SECURITY_INFORMATION at once?

e.g., FltQuerySecurityObject( fltInstance, fileObject, (OWNER_SECURITY_INFORMATION + GROUP_SECURITY_INFORMATION + DACL_SECURITY_INFORMATION + ACL_SECURITY_INFORMATION), pSecDesc, length, &lengthNeeded)

Did you try it?

It takes 20 minutes to test this, time better spent with other code, if someone can confirm :slight_smile:

No. But you can use | (logical OR) instead of + (additoon). In case of flags that usually works, but is a programming error, in case flags are not using completely different bits.

It takes 20 minutes to test this, time better spent with other code, if someone can confirm :slight_smile:

Disagree. You invest 20 minutes and you know the answer for sure … instead of sitting with your thumb up your ass for several hours waiting for somebody to “confirm”… and then you’re 100% reliant on that person’s information, which may or may not be correct.

Do your own engineering whenever that’s practically possible. Believe stuff that you’ve seen with your own eyes, and that makes sense. Early in my career, I worked with a pretty senior engineer who had a propensity for repeating things told him instead of doing his own engineering. This was very efficient for him, time wise. It also almost ruined his career — no exaggeration— when several key things he was fond of repeating turned out to be wrong. He actually made it a point to tell me about this, and to counsel me to always verify things for myself. I never forgot the lesson.

Peter

In general, I have that approach. But for things trivial, especially if you can do something else instead of those 20 minutes, yeah, it makes sense. It adds up to weeks a year.

Plus imagine the flags not being separate big flags, he would have tested and though “nope, does not work”.

It adds up to weeks a year.

And breeds dependence, sloth, and sloppiness. I wonder how well one learns, if one always asks others for the answers and doesn’t exercise his/her own intellect?

OTOH, if the OP was struggling with a complex architecural concept, it’s not practical for him to acquire the years of experience to be able to answer such a question. And in those cases, he’ll sort of have to just take our word for the answer.

Plus imagine the flags not being separate big flags, he would have tested and though “nope, does not work”.

And then he would, eventually, learn how to program in C.

We have very different views on the various uses of our time, Mr. Maksimovic… I find that interesting. Certainly, I intend no disrespect to your attitude; I just really differ.

Peter

> And breeds dependence, sloth, and sloppiness. I wonder how well one learns,

if one always asks others for the answers and doesn’t exercise his/her own
intellect?
True, “Always” being the key word here.

And then he would, eventually, learn how to program in C.
:slight_smile:

We have very different views on the various uses of our time, Mr.
Maksimovic… I find that interesting. Certainly, I intend no disrespect to
your attitude; I just really differ.
Ditto.