MDEV-16963 Tighten named pipe access control

Use real DACL instead of NULL DACL. Grant Everyone just read/write access to pipe (instead of all access like previously with NULL ACL)

MDEV-16963 Tighten named pipe access control
Use real DACL instead of NULL DACL. Grant Everyone just read/write access to pipe (instead of all access like previously with NULL ACL)
074b672b · Vladislav Vaintroub · 3ff0801c · 074b672b
Commit 074b672b authored Aug 13, 2018 by Vladislav Vaintroub
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 11 deletions

sql/mysqld.cc sql/mysqld.cc +11 -11

No files found.
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -1195,9 +1195,9 @@ static	 NTService  Service;	      ///< Service object for WinNT
 #endif /* __WIN__ */
 #ifdef _WIN32
+#include <sddl.h> /* ConvertStringSecurityDescriptorToSecurityDescriptor */
 static char pipe_name[512];
 static SECURITY_ATTRIBUTES saPipeSecurity;
-static SECURITY_DESCRIPTOR sdPipeDescriptor;
 static HANDLE hPipe = INVALID_HANDLE_VALUE;
 #endif
@@ -2238,21 +2238,20 @@ static void network_init(void)
    strxnmov(pipe_name, sizeof(pipe_name)-1, "\\\\.\\pipe\\",
 	     mysqld_unix_port, NullS);
-    bzero((char*) &saPipeSecurity, sizeof(saPipeSecurity));
+    /*
-    bzero((char*) &sdPipeDescriptor, sizeof(sdPipeDescriptor));
+      Create a security descriptor for pipe.
-    if (!InitializeSecurityDescriptor(&sdPipeDescriptor,
+      - Use low integrity level, so that it is possible to connect
-				      SECURITY_DESCRIPTOR_REVISION))
+      from any process.
+      - Give Everyone read/write access to pipe.
+    */
+    if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
+         "S:(ML;; NW;;; LW) D:(A;; FRFW;;; WD)",
+         SDDL_REVISION_1, &saPipeSecurity.lpSecurityDescriptor, NULL))
    {
      sql_perror("Can't start server : Initialize security descriptor");
      unireg_abort(1);
    }
-    if (!SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE))
-    {
-      sql_perror("Can't start server : Set security descriptor");
-      unireg_abort(1);
-    }
    saPipeSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
-    saPipeSecurity.lpSecurityDescriptor = &sdPipeDescriptor;
    saPipeSecurity.bInheritHandle = FALSE;
    if ((hPipe= CreateNamedPipe(pipe_name,
        PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE,
@@ -5859,6 +5858,7 @@ pthread_handler_t handle_connections_namedpipes(void *arg)
    thd->security_ctx->host= my_strdup(my_localhost, MYF(0));
    create_new_thread(thd);
  }
+  LocalFree(saPipeSecurity.lpSecurityDescriptor);
  CloseHandle(connectOverlapped.hEvent);
  DBUG_LEAVE;
  decrement_handler_count();