COMMAND

    kernel (ownership)

SYSTEMS AFFECTED

    Win2000

PROBLEM

    Frank Heyne found the following. There are some "features" of the
    implementation of the special group CREATOR OWNER in W2K which
    result in unexpected behaviour. Windows 2000 handles CREATOR OWNER
    differently from all other accounts, and differently from earlier
    versions of Windows NT. Up to Windows NT 4.0 this account applied
    to the CREATOR of an object, but in Windows 2000 it applies to the
    OWNER (at least mostly). The difference only becomes clear when you
    change the owner.

    If the permissions of CREATOR OWNER are inherited, changing the
    owner of an object does not change the ACE of the old owner. This
    was the normal behaviour under earlier versions of NT. But when the
    permissions of CREATOR OWNER on the parent object are changed after
    the owner of the child object was changed, W2K will replace the ACE
    for the old owner with one for the new owner. So we have the
    problem that sometimes the settings for CREATOR OWNER apply to the
    current owner and sometimes they do not.
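    As an added example (not part of Frank Heyne's post or the advisory), the
    following PowerShell audit shows how a defender could look for the trace of
    this behaviour on a registry tree: inherited ACEs on child keys that name a
    principal who is neither the child's current owner nor a principal the parent
    itself grants inheritable rights to, which is what a CREATOR OWNER grant that
    was materialized for a previous owner and never updated looks like. The
    function name `Find-StaleOwnerAces`, the `$ParentPath` parameter and the
    `HKEY_CURRENT_USER\Software` demo path are assumptions chosen for this
    example; the heuristic cannot distinguish a stale owner ACE from an ACE that
    was inherited from further up the tree and then removed there.

```powershell
# Added example (not from the advisory): audit child registry keys beneath a
# parent for inherited ACEs that look like stale CREATOR OWNER grants, i.e. an
# inherited ACE naming a principal that is neither the child's current owner
# nor a principal the parent itself grants inheritable rights to.
# $ParentPath is an assumed input; the HKCU\Software path used below is only a
# constructed default for demonstration.
function Find-StaleOwnerAces {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ParentPath   # e.g. 'Registry::HKEY_CURRENT_USER\Software'
    )

    $parentAcl = Get-Acl -Path $ParentPath

    # Principals the parent explicitly grants inheritable rights to (other than
    # CREATOR OWNER). Inherited ACEs on children naming these are expected.
    $expected = @{}
    foreach ($ace in $parentAcl.Access) {
        if ($ace.InheritanceFlags -ne 'None' -and
            $ace.IdentityReference.Value -ne 'CREATOR OWNER') {
            $expected[$ace.IdentityReference.Value] = $true
        }
    }

    # Without a CREATOR OWNER ACE on the parent there is nothing to be
    # materialized on the children, so note that in verbose output.
    $creatorOwnerAce = $parentAcl.Access |
        Where-Object { $_.IdentityReference.Value -eq 'CREATOR OWNER' }
    if (-not $creatorOwnerAce) {
        Write-Verbose "No CREATOR OWNER ACE on $ParentPath"
    }

    Get-ChildItem -Path $ParentPath -ErrorAction SilentlyContinue | ForEach-Object {
        $childPath = "Registry::$($_.Name)"
        try {
            $childAcl = Get-Acl -Path $childPath
        } catch {
            return   # skip keys we are not allowed to read
        }
        $owner = $childAcl.Owner

        foreach ($ace in $childAcl.Access) {
            if (-not $ace.IsInherited) { continue }
            $who = $ace.IdentityReference.Value
            if ($who -eq $owner) { continue }             # current owner: fine
            if ($expected.ContainsKey($who)) { continue } # granted by parent: fine

            # Remaining inherited ACEs name a principal the parent never lists:
            # the likely trace of a CREATOR OWNER grant materialized for a
            # previous owner and not updated when the owner changed.
            [pscustomobject]@{
                Key          = $_.Name
                CurrentOwner = $owner
                AceFor       = $who
                Rights       = $ace.RegistryRights
                Type         = $ace.AccessControlType
            }
        }
    }
}

# Usage: report candidate stale owner ACEs under a constructed demo path.
Find-StaleOwnerAces -ParentPath 'Registry::HKEY_CURRENT_USER\Software' |
    Format-Table -AutoSize
```

    Run it once with `-Verbose` against a tree whose parent carries an
    inherit-only CREATOR OWNER ACE; any row reported for a key whose owner was
    changed shows an ACE the system kept for the old owner, and re-running the
    audit after editing the parent's CREATOR OWNER permissions shows whether
    that ACE was silently rewritten for the new owner, which is the
    inconsistency described above.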

    Because this is a problem which is impossible to explain briefly,
    Frank posted here only a summary. An exhaustive discussion of the
    problem (using the example of registry keys) is available at

        http://www.heysoft.de/nt/reg/w2k/RegDACL_er2.htm#D2

SOLUTION

    The design of the security descriptors of objects should be
    enhanced: like the inheritance flags introduced with W2K, a flag
    marking the ACEs of owners should be used. This way the operating
    system can change the ACL on the fly when the owner is changed.