fix: Check if folder is owned by administrators group (GitoxideLabs#1429)

The code had checked the process or thread's SID to see if it
matched the administrators group, but this will never be the case
since the process or thread is running as some user.

If the folder token is that of the administrators group, then at
that point we can check membership of the current thread SID in it.
EliahKagan committed Aug 26, 2024
1 parent 4f2ab5b commit 2019931
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions gix-sec/src/identity.rs
Expand Up @@ -187,12 +187,12 @@ mod impl_ {
}

// Admin-group owned folders are considered owned by the current user, if they are in the admin group
if IsWellKnownSid(token_owner, WinBuiltinAdministratorsSid) == 0 {
if IsWellKnownSid(folder_owner, WinBuiltinAdministratorsSid) == 0 {
return Ok(false);
}

let mut is_member = 0;
if CheckTokenMembership(0, token_owner, &mut is_member) == 0 {
if CheckTokenMembership(0, folder_owner, &mut is_member) == 0 {
error!("Couldn't check if user is an administrator");
}
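Review bot: the failure branch of `CheckTokenMembership(0, folder_owner, &mut is_member)` only logs "Couldn't check if user is an administrator" and then falls through, so the ownership decision rests on `is_member` still holding its initial 0. Since this result decides whether a folder is trusted, make the fail-closed path explicit: return an error (or `Ok(false)`) from that branch and include the OS error code in the message so a failed check is distinguishable from a real "not a member" answer. The comment above the `IsWellKnownSid` check would also benefit from stating that passing 0 as the token makes the call test the calling thread's effective token and that only enabled group SIDs count, so an administrator running without elevation is reported as not a member. A regression test for a folder owned by the administrators group would keep `folder_owner` and `token_owner` from being swapped again.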
