
Making named pipe accessible only to the logon sid that starts the client process

I have the server that creates the client process and creates the named pipe. The client communicates to the server via the named pipe.

To prevent remote users or users on a different terminal services session from accessing a named pipe, use the logon SID on the DACL for the pipe. The logon SID is used in run-as logons as well; it is the SID used to protect the per-session object namespace. For more information, see Getting the Logon SID in C++. https://docs.microsoft.com/en-us/windows/desktop/ipc/named-pipe-security-and-access-rights

How do I do this? It tells me how to get the SID, but how do I make a SECURITY_ATTRIBUTES using the SID?

Finally I could find a solution to this problem. You can make use of SDDL TEXT("(D;OICI;GA;;;NU)")

Using standard SDDL functions, create a security descriptor and use the same during named pipe creation.
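One way to build the SECURITY_ATTRIBUTES the question asks for, as an added example that is not part of the original question or answer: read the logon SID from the server's token, place it in an SDDL string with a deny entry for network logons, and pass the resulting descriptor to CreateNamedPipe. It assumes the server and client run in the same logon session; `build_pipe_sddl`, `create_session_pipe` and the DACL layout are illustrative choices.

```c
#include <stdio.h>
#include <string.h>

/* Build the SDDL for the pipe: protected DACL, deny network logons (NU),
   allow full access only to the given logon SID. Returns 0 on success. */
int build_pipe_sddl(const char *logon_sid, char *out, size_t cap)
{
    /* Logon SIDs have the form S-1-5-5-X-Y; refuse anything else so a
       malformed string cannot smuggle extra ACEs into the descriptor. */
    if (!logon_sid || strncmp(logon_sid, "S-1-5-5-", 8) != 0 || !logon_sid[8])
        return -1;
    for (const char *p = logon_sid + 8; *p; ++p)
        if ((*p < '0' || *p > '9') && *p != '-')
            return -1;
    int n = snprintf(out, cap, "D:P(D;;GA;;;NU)(A;;GA;;;%s)", logon_sid);
    return (n > 0 && (size_t)n < cap) ? 0 : -1;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
/* Hypothetical helper: create the pipe with a DACL naming this process's
   logon SID. Returns INVALID_HANDLE_VALUE on any failure. */
HANDLE create_session_pipe(const char *name)
{
    union { TOKEN_GROUPS g; BYTE raw[256]; } tg;   /* aligned buffer */
    HANDLE tok = NULL, pipe = INVALID_HANDLE_VALUE;
    PSECURITY_DESCRIPTOR sd = NULL;
    char *sid = NULL, sddl[256];
    DWORD len = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
        return pipe;
    if (GetTokenInformation(tok, TokenLogonSid, &tg, sizeof tg, &len) &&
        tg.g.GroupCount > 0 &&
        ConvertSidToStringSidA(tg.g.Groups[0].Sid, &sid) &&
        build_pipe_sddl(sid, sddl, sizeof sddl) == 0 &&
        ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sd, NULL)) {
        SECURITY_ATTRIBUTES sa = { sizeof sa, sd, FALSE };
        pipe = CreateNamedPipeA(name, PIPE_ACCESS_DUPLEX,
                                PIPE_TYPE_BYTE | PIPE_REJECT_REMOTE_CLIENTS,
                                1, 4096, 4096, 0, &sa);
    }
    if (sd)  LocalFree(sd);
    if (sid) LocalFree(sid);
    CloseHandle(tok);
    return pipe;
}
#endif
```

The pipe keeps its own copy of the descriptor, so freeing `sd` after CreateNamedPipe is safe. The string-building part is portable; the Win32 part compiles only on Windows.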
