[Boost-bugs] [Boost C++ Libraries] #13466: Security vulnerability in Boost Interprocess

Subject: [Boost-bugs] [Boost C++ Libraries] #13466: Security vulnerability in Boost Interprocess
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2018-03-05 10:16:39


#13466: Security vulnerability in Boost Interprocess
-------------------------------------------------+-------------------------
 Reporter:  Corelogic RiskModel                  |      Owner:  Ion Gaztañaga
            <riskmodel-all.india@…>              |
     Type:  Bugs                                 |     Status:  new
Milestone:  To Be Determined                     |  Component:  interprocess
  Version:  Boost Development Trunk              |   Severity:  Problem
 Keywords:  security windows DACL                |
-------------------------------------------------+-------------------------
 Greetings,

 Our security team has flagged:
 if(!SetSecurityDescriptorDacl(&sd, true, 0, false))
 in interprocess\detail\win32_api.hpp as a "high-priority" vulnerability
 citing:

 "Objects that have null DACLs can have their security descriptors altered
 by malicious users so that no one has access to the object. Even if
 everyone needs access to an object, the object should be secured so that
 only administrators can alter its security".

 We've been told to bring this to your attention; can you please let us
 know when it would be feasible to fix?

-- 
Ticket URL: <https://svn.boost.org/trac10/ticket/13466>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.
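
An added example, not part of the ticket or of Boost.Interprocess: a Python audit of SDDL strings (the text form of a Windows security descriptor) that reports the condition the quoted guidance describes, namely a null DACL, written D:NO_ACCESS_CONTROL in SDDL, or an allow ACE that gives WRITE_DAC or WRITE_OWNER to anyone other than administrators. The function names, the trusted set (BA, SY) and the sample strings are constructed assumptions.

```python
import re

# Access-mask bits that allow rewriting an object's DACL or owner.
WRITE_DAC, WRITE_OWNER, GENERIC_ALL = 0x00040000, 0x00080000, 0x10000000
# SDDL rights tokens that include those bits (generic/file/key "all" as well).
RISKY_TOKENS = {"GA", "WD", "WO", "FA", "KA"}
# Assumption: only Built-in Administrators and Local System may alter security.
TRUSTED_SIDS = {"BA", "SY", "S-1-5-32-544", "S-1-5-18"}
ALLOW_TYPES = {"A", "OA", "XA"}  # allow, object allow, callback allow


def can_change_security(rights: str) -> bool:
    """True if an SDDL rights field grants WRITE_DAC or WRITE_OWNER."""
    if rights.lower().startswith("0x"):  # rights given as a hex access mask
        return bool(int(rights, 16) & (WRITE_DAC | WRITE_OWNER | GENERIC_ALL))
    # Otherwise the field is a run of two-letter tokens, e.g. "GRGW".
    return any(rights[i:i + 2] in RISKY_TOKENS for i in range(0, len(rights), 2))


def audit_sddl(sddl: str) -> list[str]:
    """List the ways a non-administrator could alter the object's security."""
    match = re.search(r"D:(.*?)(?:S:|$)", sddl)  # DACL part, up to SACL or end
    if match is None:
        raise ValueError("no DACL component in SDDL string")
    dacl = match.group(1)
    if "NO_ACCESS_CONTROL" in dacl:
        return ["null DACL: every user has full access, including WRITE_DAC"]
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;sid
        if len(fields) < 6:
            continue
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        if (ace_type in ALLOW_TYPES and sid not in TRUSTED_SIDS
                and can_change_security(rights)):
            findings.append(f"{sid} is granted {rights}: can rewrite DACL or owner")
    return findings


# Constructed sample descriptors (WD as a trustee means Everyone).
SAMPLES = {
    "null_dacl": "D:NO_ACCESS_CONTROL",
    "everyone_full": "O:BAG:SYD:(A;;GA;;;WD)(A;;GA;;;BA)",
    "hardened": "O:BAG:SYD:(A;;GRGW;;;WD)(A;;GA;;;BA)(A;;GA;;;SY)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_sddl(sddl) or "ok")
```

The "hardened" sample follows the quoted advice: Everyone keeps read and write access to the object, while only administrators and the system can change its security descriptor.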

This archive was generated by hypermail 2.1.7 : 2018-03-05 10:20:10 UTC