File security on NT
-
I'm getting my first taste of the nasty world of NT security issues, so please bear with me if this comes across as one of those newbie questions. It is important that my program is allowed access to every file/folder on a volume. I realise that to do this I must add an ACL into the file/folder's DACL. I am able to do this without any problems. But here is the problem: so far I have been adding the logged-on user's SID to the ACL, storing the old DACL and replacing it on program termination. But it has come to my attention that this is opening a serious hole in NT's security. If my program does not perform a clean exit, those DACLs will never be replaced, leaving the files/folders wide open. Is there any other way to do this? Is it possible to add an ACL for my current process and not need to re-adjust the object's security once finished? I.e., once the process no longer exists, theoretically the SID would become invalid; would Windows perform an auto cleanup? All the examples I have found relate to taking ownership and completely re-writing the security, rather than updating it. Also, I have found nothing regarding 'SID of current process'.
Waldermort