<p>I must add a clarification to other answers, and a security warning.</p>
<p>First, passing NULL as the <code>lpSemaphoreAttributes</code> argument to <code>::CreateSemaphore()</code> does <em>not</em> mean no access to anybody; rather, it means that default access control will be assigned. <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms682438%28v=vs.85%29.aspx">MSDN is crystal clear on that</a>: <em>If this parameter is NULL, the semaphore gets a default security descriptor. The ACLs in the default security descriptor for a semaphore come from the primary or impersonation token of the creator.</em></p>
<p>Normally, the semaphore can be opened and used by the same user identity. So, if the semaphore is shared by processes running in the same interactive session, or under the same service identity, it may be opened by another process even if created with the default security descriptor. As @hmjd already noted, you must always explicitly call out the right that you want to assert on the semaphore: <code>SYNCHRONIZE|SEMAPHORE_MODIFY_STATE</code> allows both waiting on and releasing it.</p>
<p>Second of all, a word of caution. By granting Everyone full access to the semaphore, as was suggested above, a security hole for a DoS attack is potentially created. You should consider whether you want arbitrary processes to be able to grab and release the semaphore. Is it intended for unrestricted public use? It is always a good practice to assign minimal, narrowly permitting ACLs to objects. Using <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa379567%28v=vs.85%29.aspx">SDDL</a> is probably the easiest way to encode a security descriptor, albeit the script itself is not very readable.</p>
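An added example, not part of the original answer: a small Python check that reads the DACL of an SDDL string intended for a semaphore and reports allow-ACEs that give a broad group more than the <code>SYNCHRONIZE|SEMAPHORE_MODIFY_STATE</code> rights the answer names. The function names and the sample SDDL strings are constructed for illustration, and the sketch only understands the GA, RC, SD, WD and WO rights tokens plus hex masks.

```python
import re

# Access-mask values from the Windows SDK (winnt.h).
SEMAPHORE_MODIFY_STATE = 0x0002
SYNCHRONIZE = 0x00100000
SEMAPHORE_ALL_ACCESS = 0x1F0003
# SDDL two-letter rights handled by this sketch; GA is expanded to the
# semaphore all-access mask. Any other right must be given as hex.
RIGHTS = {"GA": SEMAPHORE_ALL_ACCESS, "RC": 0x20000, "SD": 0x10000,
          "WD": 0x40000, "WO": 0x80000}
# SDDL SID aliases that reach beyond the creator's own identity.
BROAD_SIDS = {"WD": "Everyone", "AN": "Anonymous",
              "AU": "Authenticated Users", "BU": "Builtin Users"}

def parse_rights(field):
    """Turn an SDDL rights field ('GA', 'RCWD', '0x100002') into a mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    if len(field) % 2:
        raise ValueError(f"malformed rights field: {field!r}")
    mask = 0
    for i in range(0, len(field), 2):
        mask |= RIGHTS[field[i:i + 2]]  # KeyError on unsupported tokens
    return mask

def audit_semaphore_sddl(sddl):
    """Return (sid name, excess mask) for allow-ACEs that give a broad SID
    anything beyond SYNCHRONIZE|SEMAPHORE_MODIFY_STATE (wait + release)."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    if dacl is None:
        raise ValueError("no DACL component in SDDL string")
    needed = SYNCHRONIZE | SEMAPHORE_MODIFY_STATE
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        if ace_type != "A" or sid not in BROAD_SIDS:
            continue
        excess = parse_rights(rights) & ~needed
        if excess:  # e.g. WRITE_DAC lets the caller rewrite the ACL itself
            findings.append((BROAD_SIDS[sid], hex(excess)))
    return findings

if __name__ == "__main__":
    # Constructed sample descriptors, not taken from the page.
    for sample in ("D:(A;;GA;;;WD)",
                   "O:BAG:SYD:P(A;;0x100002;;;AU)(A;;GA;;;SY)"):
        print(sample, "->", audit_semaphore_sddl(sample))
```

The first sample is the "Everyone, full access" descriptor the answer cautions against; the second grants Authenticated Users only wait and release.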
 
