In WinNT.h, why are STANDARD_RIGHTS_READ, ...WRITE and ...EXECUTE defined to be the same?

Question

I was doing some Win32 interop. stuff and, while searching headers and perusing the MSDN and defining constants and dll-imports in a happy bubble, I spotted some odd lines in WinNT.h (lines 6486-6488 in my version... er... 7.1a, I think)

#define STANDARD_RIGHTS_READ             (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE            (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE          (READ_CONTROL)

I stared at this for a while, sipping my tea, wondering why these three constants are all defined to be the same value.

It's intriguing. Does anyone know?

Answer 1

Different types of kernel object have different pre-defined access masks for reading, writing, and executing.

For example, tokens use TOKEN_READ, TOKEN_WRITE and TOKEN_EXECUTE. Files use FILE_GENERIC_READ, FILE_GENERIC_WRITE and FILE_GENERIC_EXECUTE:

Compare the definitions of TOKEN_READ and FILE_GENERIC_READ:

#define TOKEN_READ       (STANDARD_RIGHTS_READ      |\
                          TOKEN_QUERY)

#define FILE_GENERIC_READ         (STANDARD_RIGHTS_READ     |\
                                   FILE_READ_DATA           |\
                                   FILE_READ_ATTRIBUTES     |\
                                   FILE_READ_EA             |\
                                   SYNCHRONIZE)

STANDARD_RIGHTS_READ is the set of standard access rights that need to appear in an object-type-specific access mask for reading. Similarly for STANDARD_RIGHTS_WRITE and STANDARD_RIGHTS_EXECUTE.

It happens to be the case that the standard access right you need for reading, writing and executing is READ_CONTROL, so STANDARD_RIGHTS_READ, STANDARD_RIGHTS_WRITE and STANDARD_RIGHTS_EXECUTE are all defined as that.