You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "Steven (Jira)" <ji...@apache.org> on 2021/04/01 01:17:00 UTC

[jira] [Created] (THRIFT-5388) C++: Security issue when connect the named pipe

Steven created THRIFT-5388:
------------------------------

             Summary: C++: Security issue when connect the named pipe
                 Key: THRIFT-5388
                 URL: https://issues.apache.org/jira/browse/THRIFT-5388
             Project: Thrift
          Issue Type: Bug
            Reporter: Steven


In current codes "lib\cpp\src\thrift\transport\TPipe.cpp", the flags to connect the named pipe is always FILE_FLAG_OVERLAPPED. It is not possible to set more security flags to avoid the named pipe server misuse the named pipe client's identify by "https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-impersonatenamedpipeclient". Could we provide the API to set these flags? Thanks.

Codes in "TPipe::open()" are listed below:

DWORD flags = FILE_FLAG_OVERLAPPED; 
 hPipe.reset(CreateFileA(pipename_.c_str(), GENERIC_READ | GENERIC_WRITE, 0, nullptr, OPEN_EXISTING, flags, nullptr));



--
This message was sent by Atlassian Jira
(v8.3.4#803005)