Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-5388

Named Pipes transport hardening

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • C++ - Library
    • None

    Description

      In current codes "lib\cpp\src\thrift\transport\TPipe.cpp", the flags to connect the named pipe is always FILE_FLAG_OVERLAPPED. It is not possible to set more security flags to avoid the named pipe server misuse the named pipe client's identify by impersonatenamedpipeclient. Could we provide the API to set these flags? Thanks.

      Codes in "TPipe::open()" are listed below:

      DWORD flags = FILE_FLAG_OVERLAPPED;
      hPipe.reset(CreateFileA(pipename_.c_str(), GENERIC_READ | GENERIC_WRITE, 0, nullptr, OPEN_EXISTING, flags, nullptr));

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            christmasliu Steven

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                Issue deployment