Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16963

Tighten named pipe access control

    XMLWordPrintable

Details

    Description

      If server creates named pipe, it is using NULL DACL via

      SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)

      in mysqld.cc

      The documentation for SetSecurityDescriptorDacl() states following about NULL DACL. :

      "All access is allowed. You should not use a NULL DACL with an object because any user can change the DACL and owner of the security descriptor. This will interfere with use of the object."

      Attachments

        Activity

          People

            wlad Vladislav Vaintroub
            wlad Vladislav Vaintroub
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.