Saturday, February 16, 2008

Security Neutral Mutex

We have just completed a project where we had a very “strange” requirement: A Mutex that is normally created by a service but might also be changed or created by the application running as a limited user. Before .NET, we would simply have created a Mutex with a NULL DACL but this is no longer possible because the Mutex Class will actively prevent this.

Fortunately, we found a blog post where the author simply created a Mutex and give EVERYONE full rights on the Mutex which is basically the same as a NULL DACL:

We changed the code a little bit and here is the result:

//Original Code:

public static Mutex Create(string Name)
bool bTrash;
return Create(Name, out bTrash);

public static Mutex Create(string Name, out bool MutexWasCreated)
//Always use global scope
string name = @"Global\" + Name;

MutexSecurity sec = new MutexSecurity();

MutexAccessRule secRule = new MutexAccessRule(

new SecurityIdentifier(WellKnownSidType.WorldSid, null),

MutexRights.FullControl, AccessControlType.Allow);


bool mutexWasCreated;

Mutex m = new Mutex(false, name, out mutexWasCreated, sec);

MutexWasCreated = mutexWasCreated;

return m;


No comments:

Post a Comment