Re: Connect a pipe from asynchronous pluggable protocol?




"Bill Holt" <mailbill(NOSPAM)@21cn.com.nospam> wrote in message
news:CB6C387F-2701-4F15-BA60-7C0DBD3C4BFD@xxxxxxxxxxxxxxxx
I don't have any problems creating the server pipe. And I created a test
client program to make sure that the pipe server/client model is working
correctly.

But I ran into some problems when using the APP to connect. CreateFile
keeps failing. GetLastError() returns 5, which means access denied. I
suppose it's because I called CreateNamedPipe with NULL as the security
attribute. I'm wondering what account the APP is working under. And I'm using
multiple threads that are created with NULL as security too; is that related?
How do I set up the security attribute to allow connections from the APP? Or is
there anything else I should be aware of?

If you specify NULL for the security attributes structure then the pipe is
accessible to clients running under the same account as the one used by the
server to create the pipe. Now, if your server runs as a service under the
local system account then you have a problem accessing it from an
interactive session.

How do you want to secure access to the pipe? If any authenticated
user is fine then what you do is initialize a security descriptor and set a
null discretionary access control list (DACL) into it as I did here:

http://groups.google.com/group/microsoft.public.vc.language/browse_thread/thread/1d52884432bf3715/bec904491174795f?hl=en&lnk=st&q=#bec904491174795f

If you want to do something more clever, I have a video tutorial on
discretionary access control lists. I'd like to give you a direct link;
instead, go here:

http://www.microsoft.com/click/hellosecureworld/default.mspx

Skip the intro, click the "movie time" button and choose the DACL video.

Regards,
Will
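
An explicit DACL as an alternative to the null DACL mentioned in the reply, which grants every caller full control of the pipe; this is an added example, not code from the thread. It uses .NET's System.IO.Pipes from Windows PowerShell 5.1 rather than the C API discussed above, and the pipe name and helper functions are constructed for illustration.

```powershell
# Added example. Assumes Windows PowerShell 5.1 (.NET Framework).
Add-Type -AssemblyName System.Core
$pipeName = 'example_app_pipe'   # constructed placeholder name

# Hypothetical helpers: build a well-known SID and an "allow" rule for it.
function New-Sid([System.Security.Principal.WellKnownSidType]$Type) {
    New-Object System.Security.Principal.SecurityIdentifier($Type, $null)
}
function New-AllowRule($Sid, [System.IO.Pipes.PipeAccessRights]$Rights) {
    New-Object System.IO.Pipes.PipeAccessRule(
        $Sid, $Rights, [System.Security.AccessControl.AccessControlType]::Allow)
}

# Explicit DACL. ReadWrite does not include CreateNewInstance or
# ChangePermissions, so clients can talk to the pipe but cannot create
# their own server instances or rewrite its permissions.
$security = New-Object System.IO.Pipes.PipeSecurity
$security.AddAccessRule((New-AllowRule (New-Sid AuthenticatedUserSid) 'ReadWrite'))
$security.AddAccessRule((New-AllowRule (New-Sid LocalSystemSid) 'FullControl'))
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$security.AddAccessRule((New-AllowRule $me 'FullControl'))

# SDDL form of the DACL that will be placed on the pipe.
Write-Host ('DACL: ' + $security.GetSecurityDescriptorSddlForm('Access'))

$server = New-Object System.IO.Pipes.NamedPipeServerStream(
    $pipeName,
    [System.IO.Pipes.PipeDirection]::InOut,
    1,                                            # maxNumberOfServerInstances
    [System.IO.Pipes.PipeTransmissionMode]::Byte,
    [System.IO.Pipes.PipeOptions]::None,
    4096, 4096,                                   # in/out buffer sizes
    $security)

try {
    Write-Host "Waiting for a client on \\.\pipe\$pipeName ..."
    $server.WaitForConnection()
    Write-Host 'Client connected.'
}
finally {
    $server.Dispose()
}
```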

