Use Of Mutex should specify security descriptor #110399

Open
steveharter opened this issue Dec 4, 2024 · 1 comment · May be fixed by #110416
Labels: area-System.Diagnostics.PerformanceCounter, bug, in-pr (There is an active PR which will close this issue when it is merged)

Member

steveharter commented Dec 4, 2024

When the performance counter code was ported from .NET Framework back in v2.1, it did not bring along the code to pass in an "Authenticated Users" security descriptor when creating the system mutex. This was understandable at the time since the APIs to specify that did not exist. However, the APIs were added as extension methods in v5, so that performance monitor code should be updated. Note that event logs also have the same issue and should be updated as well with this issue.

Since no security descriptor is specified, when the shared mutex is initially created system-wide, it uses the security descriptor from the first process\thread that requests it, which is normally fine, but it is possible that security descriptor has an ACL for a particular account or group that is not compatible with a caller later on, causing an access denied scenario.
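
The pattern described above, as an added example that is not part of the original issue or the dotnet/runtime code: creating a named system mutex with an explicit "Authenticated Users" DACL through `MutexAcl.Create` (.NET 5+, Windows only). The mutex name and the exact rights granted are assumptions made for illustration.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

// Windows-only; MutexAcl lives in System.Threading.AccessControl (.NET 5+).
static class SharedMutexExample
{
    // Hypothetical name for illustration, not the one used by the performance counter code.
    private const string MutexName = @"Global\example_shared_mutex";

    static Mutex OpenOrCreate(out bool createdNew)
    {
        // Build an explicit DACL rather than inheriting the default one derived
        // from the token of whichever process or thread creates the mutex first.
        var authenticatedUsers = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
        var security = new MutexSecurity();

        // Assumed rights: enough to wait on and release the mutex,
        // without permission to change its ACL or owner.
        security.AddAccessRule(new MutexAccessRule(
            authenticatedUsers,
            MutexRights.Synchronize | MutexRights.Modify,
            AccessControlType.Allow));

        // If the mutex already exists, the descriptor passed here is ignored,
        // createdNew is false, and the existing object's ACL governs access.
        return MutexAcl.Create(false, MutexName, out createdNew, security);
    }

    static void Main()
    {
        try
        {
            using Mutex mutex = OpenOrCreate(out bool createdNew);
            Console.WriteLine(createdNew ? "Created with explicit DACL" : "Opened existing mutex");

            mutex.WaitOne();
            try { /* cross-process critical section */ }
            finally { mutex.ReleaseMutex(); }
        }
        catch (UnauthorizedAccessException ex)
        {
            // The failure mode from the issue: an earlier creator's ACL excludes this caller.
            Console.Error.WriteLine($"Access denied opening {MutexName}: {ex.Message}");
        }
    }
}
```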

dotnet-policy-service bot added the untriaged (New issue has not been triaged by the area owner) label Dec 4, 2024
steveharter self-assigned this Dec 4, 2024
Contributor

Tagging subscribers to this area: @dotnet/area-system-diagnostics-performancecounter
See info in area-owners.md if you want to be subscribed.

steveharter added this to the 10.0.0 milestone Dec 4, 2024
steveharter changed the title from "Use Of CreateMutex should specify security descriptor" to "Use Of Mutex should specify security descriptor" Dec 4, 2024
steveharter added bug and removed untriaged (New issue has not been triaged by the area owner) labels Dec 4, 2024
dotnet-policy-service bot added the in-pr (There is an active PR which will close this issue when it is merged) label Dec 4, 2024