diff options
| author | Vladislav Vaintroub <wlad@mariadb.com> | 2018-08-13 19:43:59 +0100 |
|---|---|---|
| committer | Vladislav Vaintroub <wlad@mariadb.com> | 2018-08-13 19:43:59 +0100 |
| commit | 074b672b5d94d291afce5f6541f39d68c65caa62 (patch) | |
| tree | 3653d18d93bc6c1b33200967da2cf33b96f9c8af /sql | |
| parent | 3ff0801c7397e3ae5fc538ffca3d58891cd4f27b (diff) | |
| download | mariadb-git-074b672b5d94d291afce5f6541f39d68c65caa62.tar.gz | |
MDEV-16963 Tighten named pipe access control
Use real DACL instead of NULL DACL.
Grant Everyone just read/write access to pipe
(instead of all access like previously with NULL ACL)
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/mysqld.cc | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 5a9aba7f2e4..aa749e5aaef 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -1195,9 +1195,9 @@ static NTService Service; ///< Service object for WinNT #endif /* __WIN__ */ #ifdef _WIN32 +#include <sddl.h> /* ConvertStringSecurityDescriptorToSecurityDescriptor */ static char pipe_name[512]; static SECURITY_ATTRIBUTES saPipeSecurity; -static SECURITY_DESCRIPTOR sdPipeDescriptor; static HANDLE hPipe = INVALID_HANDLE_VALUE; #endif @@ -2238,21 +2238,20 @@ static void network_init(void) strxnmov(pipe_name, sizeof(pipe_name)-1, "\\\\.\\pipe\\", mysqld_unix_port, NullS); - bzero((char*) &saPipeSecurity, sizeof(saPipeSecurity)); - bzero((char*) &sdPipeDescriptor, sizeof(sdPipeDescriptor)); - if (!InitializeSecurityDescriptor(&sdPipeDescriptor, - SECURITY_DESCRIPTOR_REVISION)) + /* + Create a security descriptor for pipe. + - Use low integrity level, so that it is possible to connect + from any process. + - Give Everyone read/write access to pipe. + */ + if (!ConvertStringSecurityDescriptorToSecurityDescriptor( + "S:(ML;; NW;;; LW) D:(A;; FRFW;;; WD)", + SDDL_REVISION_1, &saPipeSecurity.lpSecurityDescriptor, NULL)) { sql_perror("Can't start server : Initialize security descriptor"); unireg_abort(1); } - if (!SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)) - { - sql_perror("Can't start server : Set security descriptor"); - unireg_abort(1); - } saPipeSecurity.nLength = sizeof(SECURITY_ATTRIBUTES); - saPipeSecurity.lpSecurityDescriptor = &sdPipeDescriptor; saPipeSecurity.bInheritHandle = FALSE; if ((hPipe= CreateNamedPipe(pipe_name, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE, @@ -5859,6 +5858,7 @@ pthread_handler_t handle_connections_namedpipes(void *arg) thd->security_ctx->host= my_strdup(my_localhost, MYF(0)); create_new_thread(thd); } + LocalFree(saPipeSecurity.lpSecurityDescriptor); CloseHandle(connectOverlapped.hEvent); DBUG_LEAVE; decrement_handler_count(); |