@@ -5587,9 +5587,18 @@ struct _Py_SECURITY_ATTRIBUTE_DATA {
55875587PACL acl ;
55885588SECURITY_DESCRIPTOR sd ;
55895589EXPLICIT_ACCESS_W ea [4 ];
5590- char sid [64 ];
5590+ BYTE sidAdmins [SECURITY_MAX_SID_SIZE ];
5591+ BYTE sidSystem [SECURITY_MAX_SID_SIZE ];
5592+ BYTE sidCreator [SECURITY_MAX_SID_SIZE ];
55915593};
55925594
5595+ static int
5596+ _initializeSid (BYTE * sid ,WELL_KNOWN_SID_TYPE sidType )
5597+ {
5598+ DWORD cbSid = SECURITY_MAX_SID_SIZE ;
5599+ return CreateWellKnownSid (sidType ,NULL ,sid ,& cbSid ) ?1 :0 ;
5600+ }
5601+
55935602static int
55945603initializeDefaultSecurityAttributes (
55955604PSECURITY_ATTRIBUTES * securityAttributes ,
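Review bot: `_initializeSid` always tells CreateWellKnownSid that the destination holds SECURITY_MAX_SID_SIZE bytes, but nothing at its definition states that requirement. The three new struct members are declared with that size, so the current callers are fine. A later caller passing a shorter buffer could get a write past its end instead of an error return. I would put a comment above the helper, for example `/* sid must point to at least SECURITY_MAX_SID_SIZE bytes; returns 1 on success, 0 on failure with the error left for GetLastError() */`.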
@@ -5612,44 +5621,37 @@ initializeMkdir700SecurityAttributes(
56125621* securityAttributes = NULL ;
56135622memset (data ,0 ,sizeof (* data ));
56145623
5624+ SID_IDENTIFIER_AUTHORITY SidNtAuthority = SECURITY_NT_AUTHORITY ;
56155625if (!InitializeSecurityDescriptor (& data -> sd ,SECURITY_DESCRIPTOR_REVISION )
5616- || !SetSecurityDescriptorGroup (& data -> sd ,NULL , TRUE)) {
5626+ || !SetSecurityDescriptorGroup (& data -> sd ,NULL , TRUE)
5627+ || !_initializeSid (data -> sidAdmins ,WinBuiltinAdministratorsSid )
5628+ || !_initializeSid (data -> sidSystem ,WinLocalSystemSid )
5629+ || !_initializeSid (data -> sidCreator ,WinCreatorOwnerRightsSid )
5630+ ) {
56175631return GetLastError ();
56185632 }
56195633
5620- int use_alias = 0 ;
5621- DWORD cbSid = sizeof (data -> sid );
5622- if (!CreateWellKnownSid (WinCreatorOwnerRightsSid ,NULL , (PSID )data -> sid ,& cbSid )) {
5623- use_alias = 1 ;
5624- }
5625-
56265634data -> securityAttributes .nLength = sizeof (SECURITY_ATTRIBUTES );
56275635data -> ea [0 ].grfAccessPermissions = GENERIC_ALL ;
56285636data -> ea [0 ].grfAccessMode = SET_ACCESS ;
56295637data -> ea [0 ].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT ;
5630- if (use_alias ) {
5631- data -> ea [0 ].Trustee .TrusteeForm = TRUSTEE_IS_NAME ;
5632- data -> ea [0 ].Trustee .TrusteeType = TRUSTEE_IS_ALIAS ;
5633- data -> ea [0 ].Trustee .ptstrName = L"CURRENT_USER" ;
5634- }else {
5635- data -> ea [0 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
5636- data -> ea [0 ].Trustee .TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP ;
5637- data -> ea [0 ].Trustee .ptstrName = (LPWCH )(SID * )data -> sid ;
5638- }
5638+ data -> ea [0 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
5639+ data -> ea [0 ].Trustee .TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP ;
5640+ data -> ea [0 ].Trustee .ptstrName = (LPWCH )data -> sidSystem ;
56395641
56405642data -> ea [1 ].grfAccessPermissions = GENERIC_ALL ;
56415643data -> ea [1 ].grfAccessMode = SET_ACCESS ;
56425644data -> ea [1 ].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT ;
5643- data -> ea [1 ].Trustee .TrusteeForm = TRUSTEE_IS_NAME ;
5644- data -> ea [1 ].Trustee .TrusteeType = TRUSTEE_IS_ALIAS ;
5645- data -> ea [1 ].Trustee .ptstrName = L"SYSTEM" ;
5645+ data -> ea [1 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
5646+ data -> ea [1 ].Trustee .TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP ;
5647+ data -> ea [1 ].Trustee .ptstrName = ( LPWCH ) data -> sidAdmins ;
56465648
56475649data -> ea [2 ].grfAccessPermissions = GENERIC_ALL ;
56485650data -> ea [2 ].grfAccessMode = SET_ACCESS ;
56495651data -> ea [2 ].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT ;
5650- data -> ea [2 ].Trustee .TrusteeForm = TRUSTEE_IS_NAME ;
5652+ data -> ea [2 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
56515653data -> ea [2 ].Trustee .TrusteeType = TRUSTEE_IS_ALIAS ;
5652- data -> ea [2 ].Trustee .ptstrName = L"ADMINISTRATORS" ;
5654+ data -> ea [2 ].Trustee .ptstrName = ( LPWCH ) data -> sidCreator ;
56535655
56545656int r = SetEntriesInAclW (3 ,data -> ea ,NULL ,& data -> acl );
56555657if (r ) {
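Review bot: The trustee types on the new entries look swapped. `ea[1]` now points at the built-in Administrators SID but is tagged `TRUSTEE_IS_WELL_KNOWN_GROUP`, while `ea[2]` points at the creator-owner-rights SID and keeps the old `TRUSTEE_IS_ALIAS` from the context line. With `TRUSTEE_IS_SID` the type is probably only advisory, so this is unlikely to change the resulting ACL, but I would use `data->ea[1].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;` and `data->ea[2].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;`. A one-line comment per entry naming the principal (SYSTEM, Administrators, owner rights) would also help, since the order changed and each grants inheritable `GENERIC_ALL`. Separately, the added `SidNtAuthority` local is not referenced anywhere in the visible lines; the function continues past this hunk, so drop it only if nothing there uses it.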