CLONE -fbclient.dll changes the security descriptor of the calling process. [CORE1301]

[firebird-automations]

Submitted by: Thomas Stamm (thomas)

Duplicates CORE984

Attachments: api2.zip

Votes: 1

The FBClient.dll Version 2.0.1.12855 is still changing the security descriptor of the calling process after opening a database.

For Example: If the process has granted the 'PROCESS_DUP_HANDLE' right, after opening an connection to the DB this right is no longer given. This makes it impossible to have other processes to share handles to synchonization objects or other handles.

Maybe there is an SET_ACCESS instead of GRANT_ACCESS somewhere in the code.

Example (pseudo code):

hCP := OpenProcess( PROCESS_DUP_HANDLE, True, GetCurrentProcessId); if hCP <> 0 then begin //Working FBClient.OpenDB; hCP := OpenProcess( PROCESS_DUP_HANDLE, True, GetCurrentProcessId); if hCP = 0 then begin //It is not working any more end; end;

This BUG stops me from any further testing with FB2.0.

Commits: FirebirdSQL/firebird@b638129d8f3159de11cb9776471a5803b0acc935 FirebirdSQL/firebird@d63015a1f5d0315c2afd024e6f94636ab48760de

[firebird-automations]

Modified by: Thomas Stamm (thomas)

priority: Major \[ 3 \] =\> Blocker \[ 1 \] Version: 2\.0\.1 \[ 10090 \] description: Using the fbclient dll \(open an connection to an database\) seems to change the security descriptor of the calling process\. For Example: If the process has granted the 'PROCESS\_DUP\_HANDLE' right, after opening an connection to the DB this right is no longer given\. This makes it impossible to have other processes to share handles to synchonization objects or other handles\. Maybe there is an SET\_ACCESS instead of GRANT\_ACCESS somewhere in the code\. Regards Thomas =\> The FBClient\.dll Version 2\.0\.1\.12855 is still changing the security descriptor of the calling process after opening a database\. For Example: If the process has granted the 'PROCESS\_DUP\_HANDLE' right, after opening an connection to the DB this right is no longer given\. This makes it impossible to have other processes to share handles to synchonization objects or other handles\. Maybe there is an SET\_ACCESS instead of GRANT\_ACCESS somewhere in the code\. Example \(pseudo code\): hCP := OpenProcess\( PROCESS\_DUP\_HANDLE, True, GetCurrentProcessId\); if hCP <\> 0 then begin //Working FBClient\.OpenDB; hCP := OpenProcess\( PROCESS\_DUP\_HANDLE, True, GetCurrentProcessId\); if hCP = 0 then begin //It is not working any more end; end; This BUG stops me from any further testing with FB2\.0\. environment: Windows XP =\> Windows XP, Windows 2003, \.\.

[firebird-automations]

Commented by: @hvlad

Can't reproduce it even with 1.5.3.4900 fbclient. Process was 'runned as' ordinal user on W2K Srv

Create a reproducible test case and don't forget to call GetLastError after failed system call

[firebird-automations]

Commented by: Thomas Stamm (thomas)

This testcase using modified api2.c example, shows the effect of this.

[firebird-automations]

Modified by: Thomas Stamm (thomas)

Attachment: api2\.zip \[ 10413 \]

[firebird-automations]

Modified by: @hvlad

assignee: Dmitry Yemanov \[ dimitr \] =\> Vlad Horsun \[ hvlad \] status: Open \[ 1 \] =\> Resolved \[ 5 \] resolution: Fixed \[ 1 \] Fix Version: 2\.1 Beta 1 \[ 10141 \] Fix Version: 2\.1 Alpha 1 \[ 10150 \] =\> Fix Version: 2\.0\.1 \[ 10090 \] =\>

[firebird-automations]

Commented by: Thomas Stamm (thomas)

Hi Vlad,

Is it possible to integrate that fix into an FB 2.0.1. HOTFIX? I have an emergence situation because my 1.5.4 Server's are crashing frequently (see CORE1297) and I need a solution. So I try to use FB2.0.1.

Regards Thomas

[firebird-automations]

Commented by: @hvlad

I don't know what do you mean under "FB 2.0.1. HOTFIX" but i think we can port fix into upcoming FB 2.0.2 ;)

[firebird-automations]

Commented by: Thomas Stamm (thomas)

Is it possible to get the fixed fbclient.dll as 'private' update, so I can continue testing FB2.0.1 in my original environment.

[firebird-automations]

Commented by: @hvlad

Sent at e-mail found at your profile

[firebird-automations]

Commented by: Thomas Stamm (thomas)

works create! Many, Many thanks

Regards Thomas

(Have to answer this way EMail doesn't work)

[firebird-automations]

Modified by: @pcisar

status: Resolved \[ 5 \] =\> Closed \[ 6 \]

[firebird-automations]

Modified by: @dyemanov

Link: This issue duplicates [CORE984](https://github.com/FirebirdSQL/firebird/issues?q=CORE984+in%3Atitle) \[ [CORE984](https://github.com/FirebirdSQL/firebird/issues?q=CORE984+in%3Atitle) \]

[firebird-automations]

Commented by: @dyemanov

Reopened to be re-closed properly :-)

[firebird-automations]

Modified by: @dyemanov

status: Closed \[ 6 \] =\> Reopened \[ 4 \] resolution: Fixed \[ 1 \] =\>

[firebird-automations]

Commented by: @dyemanov

Duplicates CORE984. The original ticket should be reopened instead.

[firebird-automations]

Modified by: @dyemanov

status: Reopened \[ 4 \] =\> Resolved \[ 5 \] resolution: Duplicate \[ 3 \]

[firebird-automations]

Modified by: @hvlad

Fix Version: 2\.0\.2 \[ 10130 \]

[firebird-automations]

Commented by: @pcisar

Fix confirmed by reporter. Test was not created.

[firebird-automations]

Modified by: @pcisar

status: Resolved \[ 5 \] =\> Closed \[ 6 \]

[firebird-automations]

Modified by: @pcisar

Workflow: jira \[ 12274 \] =\> Firebird \[ 15530 \]

[firebird-automations]

Modified by: @pavel-zotov

QA Status: No test