[MDEV-16963] Tighten named pipe access control - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL)
Fix Version/s: 5.5.62, 10.0.37, 10.1.36, 10.2.18, 10.3.10
Component/s: Platform Windows, Server
Labels:
None

Description

If server creates named pipe, it is using NULL DACL via

SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)

in mysqld.cc

The documentation for SetSecurityDescriptorDacl() states following about NULL DACL. :

"All access is allowed. You should not use a NULL DACL with an object because any user can change the DACL and owner of the security descriptor. This will interfere with use of the object."

Attachments

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Vladislav Vaintroub

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018-08-13 18:38

Updated:: 2018-08-13 22:54

Resolved:: 2018-08-13 18:46

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.