You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Steven (Jira)" <ji...@apache.org> on 2021/04/01 01:17:00 UTC
[jira] [Created] (THRIFT-5388) C++: Security issue when connect the
named pipe
Steven created THRIFT-5388:
------------------------------
Summary: C++: Security issue when connect the named pipe
Key: THRIFT-5388
URL: https://issues.apache.org/jira/browse/THRIFT-5388
Project: Thrift
Issue Type: Bug
Reporter: Steven
In current codes "lib\cpp\src\thrift\transport\TPipe.cpp", the flags to connect the named pipe is always FILE_FLAG_OVERLAPPED. It is not possible to set more security flags to avoid the named pipe server misuse the named pipe client's identify by "https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-impersonatenamedpipeclient". Could we provide the API to set these flags? Thanks.
Codes in "TPipe::open()" are listed below:
DWORD flags = FILE_FLAG_OVERLAPPED;
hPipe.reset(CreateFileA(pipename_.c_str(), GENERIC_READ | GENERIC_WRITE, 0, nullptr, OPEN_EXISTING, flags, nullptr));
--
This message was sent by Atlassian Jira
(v8.3.4#803005)