#79 Sempahore handling

None
open
nobody
5
2012-08-22
2006-05-15
Anonymous
No

when creating a semaphore using syscreateeventsem, the
the semaphore object gets the windows-default
permissions. which means, that only the user, who
created it, can access it.
if a rexx process which is started by another user,
tries to access the semaphore an error is returned and
program execution is interrupted.

possible solutions:
1.) implement a feature to change the acl's of the
semaphore object.
2.) reimplement the syscreateeventsem, so that the
semaphore object automatically has full access for
everyone (see sample).

kind regards,
edi

Discussion

  • David Ashley
    David Ashley
    2006-05-15

    Logged In: YES
    user_id=931756

    Semaphore access has been limited in this way since the very
    beginning of Object REXX on Windows. Only the userid that
    created the semaphore has access to that semaphore. This
    limitation was also carried forth into all of the Unix
    versions of Object REXX. ooRexx has done nothing to change
    this behaviour.

    I believe the idea here wes to protect the user's semaphores
    from access either accidentally or maliciously from another
    user. If you think this through you will see that giving
    access to semaphores to all users is a HUGE security threat
    to a running program. It would allow anyone to clobber your
    semaphores without your knowledge or permission.

    I am going to leave this bug open incase anyone else has
    additional thinks to say about this issue.

     
  • Rick McGuire
    Rick McGuire
    2006-05-16

    Logged In: YES
    user_id=1125291

    It might be nice to support a global option to allow
    different users to access a semaphore, but that pushes this
    into the realm of an enhancement request rather than a bug
    report :-)

     
  • edi8
    edi8
    2007-04-19

    Logged In: YES
    user_id=1730224
    Originator: NO

    i guess, you are both right! first of all this should not be a bug report, but an enhancement request.
    and second, giving everyone access to a semaphore would be a security risk.
    the best way to handle this, would be, to add a "global" option to the semaphore.
    and i really this is a useful request, as the circumstance of two task running under different user account (e.g. one task as a service, and the other as a gui program) is not really unusual. and of course these two task might want to communicate/synchronice using semaphores. thats exactly, why there is the possibility to change the DACLs of semaphore objects. there is just no way, to do this using ObjRexx.
    btw i implemented a "RexxExt.dll", which provides new semaphore routine, which offers, the same functionality, as the original one, just that the DACLs are set that everyone has full control.

     
  • Rick McGuire
    Rick McGuire
    2007-04-19

    Logged In: YES
    user_id=1125291
    Originator: NO

    Contributing your version of RexxExt.dll would be one way to speed up implementation of this.

     
  • Mark Miesfeld
    Mark Miesfeld
    2008-07-18

    Logged In: YES
    user_id=191588
    Originator: NO

    Eveyone seems to agree that this is working as designed, but might make a nice feature request.

    It doesn't make sense to me to leave this as an open bug, so I'm changing its type to Feature Request. I make take a look at implementing the 'global option' Rick mentions.

     


Anonymous


Cancel   Add attachments