New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CLONE -fbclient.dll changes the security descriptor of the calling process. [CORE1301] #1721
Comments
Modified by: Thomas Stamm (thomas)priority: Major [ 3 ] => Blocker [ 1 ] Version: 2.0.1 [ 10090 ] description: Using the fbclient dll (open an connection to an database) seems to change the security descriptor of the calling process. Maybe there is an SET_ACCESS instead of GRANT_ACCESS somewhere in the code. Regards => The FBClient.dll Version 2.0.1.12855 is still changing the security descriptor of the calling process after opening a database. For Example: If the process has granted the 'PROCESS_DUP_HANDLE' right, after opening an connection to the DB this right is no longer given. Maybe there is an SET_ACCESS instead of GRANT_ACCESS somewhere in the code. Example (pseudo code): hCP := OpenProcess( PROCESS_DUP_HANDLE, True, GetCurrentProcessId); This BUG stops me from any further testing with FB2.0. environment: Windows XP => Windows XP, Windows 2003, .. |
Commented by: @hvlad Can't reproduce it even with 1.5.3.4900 fbclient. Create a reproducible test case and don't forget to call GetLastError after failed system call |
Commented by: Thomas Stamm (thomas) This testcase using modified api2.c example, shows the effect of this. |
Modified by: Thomas Stamm (thomas)Attachment: api2.zip [ 10413 ] |
Modified by: @hvladassignee: Dmitry Yemanov [ dimitr ] => Vlad Horsun [ hvlad ] status: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.1 Beta 1 [ 10141 ] Fix Version: 2.1 Alpha 1 [ 10150 ] => Fix Version: 2.0.1 [ 10090 ] => |
Commented by: Thomas Stamm (thomas) Hi Vlad, Is it possible to integrate that fix into an FB 2.0.1. HOTFIX? Regards |
Commented by: @hvlad I don't know what do you mean under "FB 2.0.1. HOTFIX" but i think we can port fix into upcoming FB 2.0.2 ;) |
Commented by: Thomas Stamm (thomas) Is it possible to get the fixed fbclient.dll as 'private' update, so I can continue testing FB2.0.1 in my original environment. |
Commented by: @hvlad Sent at e-mail found at your profile |
Commented by: Thomas Stamm (thomas) works create! Regards (Have to answer this way EMail doesn't work) |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Commented by: @dyemanov Reopened to be re-closed properly :-) |
Modified by: @hvladFix Version: 2.0.2 [ 10130 ] |
Commented by: @pcisar Fix confirmed by reporter. Test was not created. |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pcisarWorkflow: jira [ 12274 ] => Firebird [ 15530 ] |
Modified by: @pavel-zotovQA Status: No test |
Submitted by: Thomas Stamm (thomas)
Duplicates CORE984
Attachments:
api2.zip
Votes: 1
The FBClient.dll Version 2.0.1.12855 is still changing the security descriptor of the calling process after opening a database.
For Example: If the process has granted the 'PROCESS_DUP_HANDLE' right, after opening an connection to the DB this right is no longer given.
This makes it impossible to have other processes to share handles to synchonization objects or other handles.
Maybe there is an SET_ACCESS instead of GRANT_ACCESS somewhere in the code.
Example (pseudo code):
hCP := OpenProcess( PROCESS_DUP_HANDLE, True, GetCurrentProcessId);
if hCP <> 0 then begin
//Working
FBClient.OpenDB;
hCP := OpenProcess( PROCESS_DUP_HANDLE, True, GetCurrentProcessId);
if hCP = 0 then begin
//It is not working any more
end;
end;
This BUG stops me from any further testing with FB2.0.
Commits: b638129 d63015a
The text was updated successfully, but these errors were encountered: