diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 8db3f4e44..04945b7e6 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2005-08-08  Corinna Vinschen  <corinna@vinschen.de>
+
+	* security.cc (get_reg_security): New static function.
+	(get_nt_object_security): Call get_reg_security for registry keys
+	to circumvent problems with predefined registry keys.
+
 2005-08-08  Corinna Vinschen  <corinna@vinschen.de>
 
 	* fhandler_process.cc (fhandler_process::open): Allow opening of
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index fce6eb074..870bb6936 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1340,12 +1340,52 @@ get_nt_attribute (const char *file, mode_t *attribute,
   get_info_from_sd (sd, attribute, uidret, gidret);
 }
 
+static int
+get_reg_security (HANDLE handle, security_descriptor &sd_ret)
+{
+  LONG ret;
+  DWORD len = 0;
+
+  ret = RegGetKeySecurity ((HKEY) handle,
+			   DACL_SECURITY_INFORMATION
+			   | GROUP_SECURITY_INFORMATION
+			   | OWNER_SECURITY_INFORMATION,
+			   sd_ret, &len);
+  if (ret == ERROR_INSUFFICIENT_BUFFER)
+    {
+      if (!sd_ret.malloc (len))
+        set_errno (ENOMEM);
+      else
+	ret = RegGetKeySecurity ((HKEY) handle,
+				 DACL_SECURITY_INFORMATION
+				 | GROUP_SECURITY_INFORMATION
+				 | OWNER_SECURITY_INFORMATION,
+				 sd_ret, &len);
+    }
+  if (ret != STATUS_SUCCESS)
+    {
+      __seterrno ();
+      return -1;
+    }
+  return 0;
+}
+
 int
 get_nt_object_security (HANDLE handle, SE_OBJECT_TYPE object_type,
 			security_descriptor &sd_ret)
 {
   NTSTATUS ret;
   ULONG len = 0;
+  
+  /* Unfortunately, NtQuerySecurityObject doesn't work on predefined registry
+     keys like HKEY_LOCAL_MACHINE.  It fails with "Invalid Handle".  So we
+     have to retreat to the Win32 registry functions for registry keys. 
+     What bugs me is that RegGetKeySecurity is obviously just a wrapper
+     around NtQuerySecurityObject, but there seems to be no function to
+     convert pseudo HKEY values to real handles. */
+  if (object_type == SE_REGISTRY_KEY)
+    return get_reg_security (handle, sd_ret);
+
   ret = NtQuerySecurityObject (handle,
 			       DACL_SECURITY_INFORMATION
 			       | GROUP_SECURITY_INFORMATION