Security object problem (STATUS_INVALID_OWNER)

Hi all,

I get STATUS_INVALID_OWNER trying to create a file using the security descriptor of another (so the security properties are the same).

The scenario is more or less like this. Let's say I am trying to create a sort of backup file for each file opened by Excel with write access, so when Excel opens a file A with write access, my minifilter creates a file B in a specific folder and it is created using the security descriptor of the source file A. The error appears with “.odf” extension.
To retrieve the security descriptor I use the following code:

auxSt = ObGetObjectSecurity(tFObj, &secDescriptor, &memAllocated);
And “secDescriptor” is passed to “InitializeObjectAttributes”.

I can reproduce the same error using “FltSetSecurityObject” once the file was created with no security information (NULL). The routine called is the following:

FltSetSecurityObject(vInst, vAuxFObj, securityInformation, secDescriptor);
where securityInformation is DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
and secDescriptor is retrieved using “ObGetObjectSecurity”.

If I modify the security information to copy, as securityInformation = DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION, no error occurs.

Could anyone please explain to me what is going on?
What is the difference between performing the action copying OWNER_SECURITY_INFORMATION and not copying it?
Is the destination folder permissions of the file being created somehow related to this error?

Thanks in advance!

Although this reference is for user-mode, it explains why you can’t change the owner arbitrarily unless you assign yourself the SeRestorePrivilege.

http://blogs.msdn.com/b/oldnewthing/archive/2005/08/18/453054.aspx

-tj

How to use SeRestorePrivilege in the driver? The documents I read for this was a little confusing.

I followed http://www.osronline.com/article.cfm^article=23.htm to restore the privileges. But I am seeing STATUS_ACCESS_VIOLATION for routine NtAdjustPrivilegesToken() (ZwAdjustPrivilegesToken()) not available.

C’mon. The thread is seven years old. You think the OP is around to answer you?

You want help on this topic: Start a new thread

Peter