--- security.cc.in	Wed Jan  9 20:35:04 2002
+++ security.cc	Tue Jan 15 18:58:46 2002
@@ -696,6 +696,18 @@
   return TRUE;
 }

+static BOOL
+get_sd (PSECURITY_DESCRIPTOR psd, PACL acl)
+{
+  if (!(InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION) &&
+        SetSecurityDescriptorDacl(psd, TRUE, acl, FALSE)))
+  {
+    __seterrno ();
+    return FALSE;
+  }
+  return TRUE;
+}
+
 HANDLE
 create_token (cygsid &usersid, cygsid &pgrpsid)
 {
@@ -710,7 +722,8 @@
     { sizeof sqos, SecurityImpersonation, SECURITY_STATIC_TRACKING, FALSE };
   OBJECT_ATTRIBUTES oa =
     { sizeof oa, 0, 0, 0, 0, &sqos };
-  SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, TRUE };
+  SECURITY_DESCRIPTOR sd;
+  SECURITY_ATTRIBUTES sa = { sizeof sa, &sd, TRUE };
   LUID auth_luid = SYSTEM_LUID;
   LARGE_INTEGER exp = { QuadPart:0x7fffffffffffffffLL  };

@@ -813,10 +826,14 @@
     goto out;
   dacl.DefaultDacl = (PACL) acl_buf;

+  /* Create security info */
+  if (!get_sd (& sd, (PACL) acl_buf))
+	goto out;
+
   /* Let's be heroic... */
   ret = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
 		       &auth_luid, &exp, &user, grps, privs, &owner, &pgrp,
-		       &dacl, &source);
+	           &dacl, &source);
   if (ret)
     set_errno (RtlNtStatusToDosError (ret));
   else if (GetLastError () == ERROR_PROC_NOT_FOUND)
@@ -827,9 +844,18 @@

   /* Convert to primary token. */
   if (!DuplicateTokenEx (token, TOKEN_ALL_ACCESS, &sa,
-			 SecurityImpersonation, TokenPrimary,
-			 &primary_token))
-    __seterrno ();
+						 SecurityImpersonation, TokenPrimary,
+						 &primary_token))
+    {
+      __seterrno ();
+      debug_printf ("DuplicateTokenEx failed.");
+    }
+  /* Convert to primary token. */
+  if (!SetKernelObjectSecurity(token, DACL_SECURITY_INFORMATION, &sd))
+    {
+      __seterrno ();
+      debug_printf ("SetKernelObjectSecurity failed.");
+    }

 out:
   if (old_priv_state >= 0)