package/wireguard-go
1
0
Fork 0
mirror of https://git.zx2c4.com/wireguard-go synced 2025-10-31 20:02:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Apply strict security descriptor on pipe server

Browse Source 
Signed-off-by: Odd Stranne <odd@mullvad.net>
This commit is contained in:
Odd Stranne
2019-03-06 14:58:25 +01:00
committed by Simon Rozman
parent 5c7cc256e3
commit a6d5ef82f4
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ipc/uapi_windows.go
View File

@@ -46,9 +46,20 @@ func (l *UAPIListener) Addr() net.Addr {
return l.listener.Addr()
}
func GetSystemSecurityDescriptor() string {
//
// SDDL encoded.
//
// (system = SECURITY_NT_AUTHORITY | SECURITY_LOCAL_SYSTEM_RID)
// owner: system
// grant: GENERIC_ALL to system
//
return "O:SYD:(A;;GA;;;SY)"
}
func UAPIListen(name string) (net.Listener, error) {
config := winio.PipeConfig{
SecurityDescriptor: "O:SYD:P(A;;GA;;;SY)", /* Local System only, not inheritable */
SecurityDescriptor: GetSystemSecurityDescriptor(),
}
listener, err := winio.ListenPipe("\\\\.\\pipe\\WireGuard\\"+name, &config)
if err != nil {