dotnet / runtime

Use Of Mutex should specify security descriptor #110399

Open steveharter opened 8 hours ago

steveharter commented 8 hours ago

When the performance counter code was ported from .NET Framework back in v2.1, it did not bring along the code to pass in an "Authenticated Users" security descriptor when creating the system mutex. This was understandable at the time since the APIs to specify that did not exist. However, the APIs were added as extension methods in v5, so that performance monitor code should be updated. Note that event logs also have the same issue and should be updated as well with this issue.

Since no security descriptor is specified, when the shared mutex is initially created system-wide, it uses the security descriptor from the first process\thread that requests it, which is normally fine, but it is possible that security descriptor has an ACL for a particular account or group that is not compatible with a caller later on, causing an access denied scenario.
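
An added example, not part of the original issue and not the runtime's own code: one way to create a named system mutex with an explicit "Authenticated Users" descriptor using the `MutexAcl` APIs from `System.Threading.AccessControl`, so later callers under other accounts are not locked out by the first creator's default DACL. The mutex name and the rights granted are assumptions made for illustration.

```csharp
using System;
using System.Runtime.Versioning;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

[SupportedOSPlatform("windows")]
static class SharedMutexExample
{
    // Hypothetical name for illustration; not a name the runtime uses.
    const string MutexName = @"Global\ExampleSharedMutex";
    const MutexRights UseRights = MutexRights.Synchronize | MutexRights.Modify;

    static Mutex OpenOrCreate(out bool createdNew)
    {
        // Later callers request only the rights needed to wait and release.
        if (MutexAcl.TryOpenExisting(MutexName, UseRights, out Mutex? existing))
        {
            createdNew = false;
            return existing;
        }

        // First creator: attach an explicit DACL instead of inheriting the
        // default from this process's token. Rights granted are an assumption.
        var security = new MutexSecurity();
        security.AddAccessRule(new MutexAccessRule(
            new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
            UseRights, AccessControlType.Allow));
        return MutexAcl.Create(false, MutexName, out createdNew, security);
    }

    static void Main()
    {
        try
        {
            using Mutex mutex = OpenOrCreate(out bool createdNew);
            Console.WriteLine($"createdNew = {createdNew}");
            mutex.WaitOne();
            try { /* touch the shared resource */ }
            finally { mutex.ReleaseMutex(); }
        }
        catch (UnauthorizedAccessException ex)
        {
            // The mutex already exists with a DACL that excludes this caller.
            Console.WriteLine($"Access denied for {MutexName}: {ex.Message}");
        }
    }
}
```

The descriptor passed to `MutexAcl.Create` only applies when the call actually creates the object; if another process created the mutex first without one, the `UnauthorizedAccessException` branch is where the access denied scenario described above shows up.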

dotnet-policy-service[bot] commented 8 hours ago

Tagging subscribers to this area: @dotnet/area-system-diagnostics-performancecounter See info in area-owners.md if you want to be subscribed.