لطفا منتظر باشید ...
Security Attributes
This chapter explores Windows access control by proceeding from the top down to show how an object's security is constructed. Following an overview, the Windows functions are described in detail before proceeding to the examples. In the case of files, it is also possible to use the Windows Explorer to examine and manage some security attributes of NTFS objects.Nearly any object created with a Create system call has a security attributes parameter. Therefore, programs can secure files, processes, threads, events, semaphores, named pipes, and so on. The first step is to include a SECURITY_ATTRIBUTES structure in the Create call. Until now, our programs have always used a NULL pointer in Create calls or have used SECURITY_ATTRIBUTES simply to create inheritable handles (Chapter 6). In order to implement security, the important element in the SECURITY_ATTRIBUTES structure is lpSecurityDescriptor, the pointer to a security descriptor, which describes the object's owner and determines which users are allowed or denied various rights.Chapter 6; for review, here is the complete structure definition:
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES;
nLength should be set to sizeof (SECURITY_ATTRIBUTES). bInheritHandle indicates whether or not the handle is inheritable by other processes.The next section describes the security descriptor components.
