[MDEV-16963] Tighten named pipe access control - Jira

XML
Word
Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5, 10.0, 10.1, 10.2, 10.3
Fix Version/s: 5.5.62, 10.0.37, 10.1.36, 10.2.18, 10.3.10
Component/s: Platform Windows, Server
Labels:
None

Description

If server creates named pipe, it is using NULL DACL via

SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)

in mysqld.cc

The documentation for SetSecurityDescriptorDacl() states following about NULL DACL. :

"All access is allowed. You should not use a NULL DACL with an object because any user can change the DACL and owner of the security descriptor. This will interfere with use of the object."

Attachments

Activity

People

Assignee:

Vladislav Vaintroub

Reporter:

Vladislav Vaintroub

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2018-08-13 18:38

Updated:

2018-08-13 22:54

Resolved:

2018-08-13 18:46