1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-16963 Tighten named pipe access control

Browse Source 
Use real DACL instead of NULL DACL.
Grant Everyone just read/write access to pipe
(instead of all access like previously with NULL ACL)
This commit is contained in:
Vladislav Vaintroub 2018-08-13 19:43:59 +01:00
parent 3ff0801c73
commit 074b672b5d
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
sql/mysqld.cc
View File

@ -1195,9 +1195,9 @@ static NTService Service; ///< Service object for WinNT
#endif /* __WIN__ */ #endif /* __WIN__ */
#ifdef _WIN32 #ifdef _WIN32
#include <sddl.h> /* ConvertStringSecurityDescriptorToSecurityDescriptor */
static char pipe_name[512]; static char pipe_name[512];
static SECURITY_ATTRIBUTES saPipeSecurity; static SECURITY_ATTRIBUTES saPipeSecurity;
static SECURITY_DESCRIPTOR sdPipeDescriptor;
static HANDLE hPipe = INVALID_HANDLE_VALUE; static HANDLE hPipe = INVALID_HANDLE_VALUE;
#endif #endif
@ -2238,21 +2238,20 @@ static void network_init(void)
strxnmov(pipe_name, sizeof(pipe_name)-1, "\\\\.\\pipe\\", strxnmov(pipe_name, sizeof(pipe_name)-1, "\\\\.\\pipe\\",
mysqld_unix_port, NullS); mysqld_unix_port, NullS);
bzero((char*) &saPipeSecurity, sizeof(saPipeSecurity)); /*
bzero((char*) &sdPipeDescriptor, sizeof(sdPipeDescriptor)); Create a security descriptor for pipe.
if (!InitializeSecurityDescriptor(&sdPipeDescriptor, - Use low integrity level, so that it is possible to connect
SECURITY_DESCRIPTOR_REVISION)) from any process.
- Give Everyone read/write access to pipe.
*/
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
"S:(ML;; NW;;; LW) D:(A;; FRFW;;; WD)",
SDDL_REVISION_1, &saPipeSecurity.lpSecurityDescriptor, NULL))
{ {
sql_perror("Can't start server : Initialize security descriptor"); sql_perror("Can't start server : Initialize security descriptor");
unireg_abort(1); unireg_abort(1);
} }
if (!SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE))
{
sql_perror("Can't start server : Set security descriptor");
unireg_abort(1);
}
saPipeSecurity.nLength = sizeof(SECURITY_ATTRIBUTES); saPipeSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
saPipeSecurity.lpSecurityDescriptor = &sdPipeDescriptor;
saPipeSecurity.bInheritHandle = FALSE; saPipeSecurity.bInheritHandle = FALSE;
if ((hPipe= CreateNamedPipe(pipe_name, if ((hPipe= CreateNamedPipe(pipe_name,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE,
@ -5859,6 +5858,7 @@ pthread_handler_t handle_connections_namedpipes(void *arg)
thd->security_ctx->host= my_strdup(my_localhost, MYF(0)); thd->security_ctx->host= my_strdup(my_localhost, MYF(0));
create_new_thread(thd); create_new_thread(thd);
} }
LocalFree(saPipeSecurity.lpSecurityDescriptor);
CloseHandle(connectOverlapped.hEvent); CloseHandle(connectOverlapped.hEvent);
DBUG_LEAVE; DBUG_LEAVE;
decrement_handler_count(); decrement_handler_count();