Use Of Mutex should specify security descriptor #110399
Labels
area-System.Diagnostics.PerformanceCounter
bug
in-pr
There is an active PR which will close this issue when it is merged
Milestone
When the performance counter code was ported from .NET Framework back in v2.1, it did not bring along the code to pass in an "Authenticated Users" security descriptor when creating the system mutex. This was understandable at the time since the APIs to specify that did not exist. However, the APIs were added as extension methods in v5, so that performance monitor code should be updated. Note that event logs also have the same issue and should be updated as well with this issue.
Since no security descriptor is specified, when the shared mutex is initially created system-wide, it uses the security descriptor from the first process\thread that requests it, which is normally fine, but it is possible that security descriptor has an ACL for a particular account or group that is not compatible with a caller later on causing an access denied scenario.
The text was updated successfully, but these errors were encountered: