Platform SDK: DLLs, Processes, and Threads

Synchronization Object Security and Access Rights

Windows NT/Windows 2000 security enables you to control access to event, mutex, semaphore, and waitable timer objects. Timer queues, interlocked variables, and critical section objects are not securable. For more information about security, see Access-Control Model.

You can specify a security descriptor for an interprocess synchronization object when you call the CreateEvent, CreateMutex, CreateSemaphore, or CreateWaitableTimer function. To get or set the security descriptor of an event, mutex, semaphore, or waitable timer object, call the GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, or SetSecurityInfo functions.

The handles returned by CreateEvent, CreateMutex, CreateSemaphore, and CreateWaitableTimer have full access to the new object. When you call the OpenEvent, OpenMutex, OpenSemaphore, and OpenWaitableTimer functions, the system checks the requested access rights against the object's security descriptor.

The valid access rights for all interprocess synchronization objects include the DELETE, READ_CONTROL, SYNCHRONIZE, WRITE_DAC, and WRITE_OWNER standard access rights.

The following table lists the specific access rights for event objects.

Value Meaning
EVENT_ALL_ACCESS Specifies all possible access rights for an event object.
EVENT_MODIFY_STATE Specifies modify state access, which is required for the ResetEvent and PulseEvent functions.

The following table lists the specific access rights for mutex objects.

Value Meaning
MUTEX_ALL_ACCESS Specifies all possible access rights for a mutex object.
MUTEX_MODIFY_STATE Specifies modify state access, which is required for the ReleaseMutex function.

The following table lists the specific access rights for semaphore objects.

Value Meaning
SEMAPHORE_ALL_
ACCESS
Specifies all possible access rights for a semaphore object.
SEMAPHORE_MODIFY_
STATE
Specifies modify state access, which is required for the ReleaseSemaphore function.

The following table lists the specific access rights for waitable timer objects.

Value Meaning
TIMER_ALL_ACCESS Specifies all possible access rights for a waitable timer object.
TIMER_MODIFY_STATE Specifies modify state access, which is required for the SetWaitableTimer and CancelWaitableTimer functions.
TIMER_QUERY_STATE Reserved for future use.

To read or write the SACL of an interprocess synchronization object, you must request the ACCESS_SYSTEM_SECURITY access right. For more information, see Access-Control Lists (ACLs) and SACL Access Right.