Skip to content

Updated Permissions Check For SidHistory #375

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 10, 2019
Merged

Updated Permissions Check For SidHistory #375

merged 1 commit into from
Jun 10, 2019

Conversation

NoMoreFood
Copy link

  • Updated check_secure_file_permission() to perform a reverse lookups on the trustee SID within the file security descriptor to account for multiple SIDs that actually point to the same user.
  • Updated permissions message to display the resolved SID to help with end user debugging.

@NoMoreFood
Updated Permissions Check For SidHistory
9a0ee42 
- Updated check_secure_file_permission() to perform a reverse lookups on the trustee SID within the file security descriptor to account for multiple SIDs that actually point to the same user.
- Updated permissions message to display the resolved SID to help with end user debugging.
@manojampalam
Copy link

manojampalam commented May 21, 2019
edited
Loading

@NoMoreFood can you please help me recollect what issue this was causing ?

@NoMoreFood
Copy link
Author

@manojampalam A user can actually have more than one SID and this is not unusual in environments where domain migrations have occurred. These values are stored in an attribute called 'sIDHistory'. This pull addresses an issue where one of these alternate SIDs has permissions to a protected file in SSH.

@NoMoreFood
Copy link
Author

Addresses: PowerShell/Win32-OpenSSH#1342

@manojampalam manojampalam merged commit 3d35b91 into PowerShell:latestw_all Jun 10, 2019
@NoMoreFood NoMoreFood deleted the sidhistory_issue branch June 11, 2019 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@manojampalam manojampalam manojampalam approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NoMoreFood @manojampalam