You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "Steven (Jira)" <ji...@apache.org> on 2021/04/06 01:08:00 UTC

[jira] [Commented] (THRIFT-5388) Named Pipes transport hardening

    [ https://issues.apache.org/jira/browse/THRIFT-5388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315188#comment-17315188 ] 

Steven commented on THRIFT-5388:
--------------------------------

Hi Jens,

Thanks for your support. Besides the flag "FILE_FLAG_OVERLAPPED", also want to add more flags like *SECURITY_SQOS_PRESENT* | *SECURITY_IDENTIFICATION* to avoid server impersonating the client, unless the server is executing under the same security context as the client.

> Named Pipes transport hardening
> -------------------------------
>
>                 Key: THRIFT-5388
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5388
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>            Reporter: Steven
>            Priority: Major
>
> In current codes "lib\cpp\src\thrift\transport\TPipe.cpp", the flags to connect the named pipe is always FILE_FLAG_OVERLAPPED. It is not possible to set more security flags to avoid the named pipe server misuse the named pipe client's identify by [impersonatenamedpipeclient|https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-impersonatenamedpipeclient]. Could we provide the API to set these flags? Thanks.
> Codes in "TPipe::open()" are listed below:
> DWORD flags = FILE_FLAG_OVERLAPPED; 
>  hPipe.reset(CreateFileA(pipename_.c_str(), GENERIC_READ | GENERIC_WRITE, 0, nullptr, OPEN_EXISTING, flags, nullptr));



--
This message was sent by Atlassian Jira
(v8.3.4#803005)