How to create a NULL / empty DACL?

Question

How to create a NULL / empty DACL?

I need to grant access to everyone for the named pipe that I create. I understand how to do this: create a NULL / empty DACL and pass it to CreateNamedPipe.

How to create NULL DACL? I was told that this is not the same as passing a NULL pointer to LPSECURITY_ATTRIBUTES.

+5

c ++ security winapi dacl

sashoalm Jan 24 '13 at 13:26

source share

2 answers

, :

SECURITY_DESCRIPTOR  pSD;
SECURITY_ATTRIBUTES  SA;

if(!InitializeSecurityDescriptor(&pSD, SECURITY_DESCRIPTOR_REVISION))
    throw error;
if(!SetSecurityDescriptorDacl(&pSD, true, NULL, false))
    throw error;
SA.nLength = sizeof(SA);
SA.lpSecurityDescriptor = &pSD;
SA.bInheritHandle = true;
pSA = &SA;
...
FMapping = CreateFileMapping(INVALID_HANDLE_VALUE, pSA, PAGE_READWRITE, 0, 4096, p);

+4

Eugene Mayevski 'Allied Bits 24 . '13 13:36

David Heffernan · Accepted Answer · 2013-01-24T13:34:00+0000

Like this:

SECURITY_DESCRIPTOR SD;
InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&SD, TRUE, NULL, FALSE);

I skipped error checking for brevity. You would not do that.

Then, when you call CreateNamedPipe, you can configure the recording of security attributes as follows:

SA.nLength = sizeof(SA);
SA.lpSecurityDescriptor = &SD;
SA.bInheritHandle = TRUE;

The documentation for SetSecurityDescriptorDaclstates:

pDacl DACL, bDaclPresent TRUE, NULL DACL. . NULL DACL , DACL . .

, , , , .

How to create a NULL / empty DACL?

More articles: