[MDEV-16963] Tighten named pipe access control - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5, 10.1, 10.2, 10.3, 10.0
Fix Version/s: 5.5.62, 10.0.37, 10.1.36, 10.2.18, 10.3.10
Component/s: Platform Windows, Server
Labels:
None

Description

If server creates named pipe, it is using NULL DACL via

SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)

in mysqld.cc

The documentation for SetSecurityDescriptorDacl() states following about NULL DACL. :

"All access is allowed. You should not use a NULL DACL with an object because any user can change the DACL and owner of the security descriptor. This will interfere with use of the object."

Attachments

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Vladislav Vaintroub

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018-08-13 18:38

Updated:: 2018-08-13 22:54

Resolved:: 2018-08-13 18:46