Boost C++ Libraries: Ticket #13466: Security vulnerability in Boost Interprocess https://svn.boost.org/trac10/ticket/13466 <p> Greetings, </p> <p> Our security team has flagged: if(SetSecurityDescriptorDacl(&amp;sd, true, 0, false)) in interprocess\detail\win32_api.hpp as a "high-priority" vulnerability citing: </p> <p> "Objects that have null DACLs can have their security descriptors altered by malicious users so that no one has access to the object. Even if everyone needs access to an object, the object should be secured so that only administrators can alter its security". </p> <p> We've been told to bring this to your attention; Can you please let us know when it would be feasible to fix? </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/13466 Trac 1.4.3 anonymous Sun, 01 Jul 2018 21:04:16 GMT <link>https://svn.boost.org/trac10/ticket/13466#comment:1 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/13466#comment:1</guid> <description> <p> Bump? </p> </description> <category>Ticket</category> </item> </channel> </rss>