ipc: windows: match SDDL of WDK and make monkeyable

author Jason A. Donenfeld <Jason@zx2c4.com>

Fri, 19 Jul 2019 13:34:26 +0000 (15:34 +0200)

committer Jason A. Donenfeld <Jason@zx2c4.com>

Fri, 19 Jul 2019 13:34:26 +0000 (15:34 +0200)
author Jason A. Donenfeld <Jason@zx2c4.com>
Fri, 19 Jul 2019 13:34:26 +0000 (15:34 +0200)
committer Jason A. Donenfeld <Jason@zx2c4.com>
Fri, 19 Jul 2019 13:34:26 +0000 (15:34 +0200)
diff --git a/ipc/uapi_windows.go b/ipc/uapi_windows.go

index 32d55241ed3dbed9a1db8e3b140c9e30936f2c4d..4073c97548b2f91fae89976a32a79cc685da4b0a 100644 (file)
--- a/ipc/uapi_windows.go
+++ b/ipc/uapi_windows.go
@@ -47,20 +47,12 @@ func (l *UAPIListener) Addr() net.Addr {
         return l.listener.Addr()
  }
  
-func GetSystemSecurityDescriptor() string {
-       //
-       // SDDL encoded.
-       //
-       // (system = SECURITY_NT_AUTHORITY | SECURITY_LOCAL_SYSTEM_RID)
-       // owner: system
-       // grant: GENERIC_ALL to system
-       //
-       return "O:SYD:(A;;GA;;;SY)"
-}
+/* SDDL_DEVOBJ_SYS_ALL from the WDK */
+var UAPISecurityDescriptor = "O:SYD:P(A;;GA;;;SY)"
  
  func UAPIListen(name string) (net.Listener, error) {
         config := winpipe.PipeConfig{
-               SecurityDescriptor: GetSystemSecurityDescriptor(),
+               SecurityDescriptor: UAPISecurityDescriptor,
         }
         listener, err := winpipe.ListenPipe("\\\\.\\pipe\\WireGuard\\"+name, &config)
         if err != nil {
author	Jason A. Donenfeld <Jason@zx2c4.com>
	Fri, 19 Jul 2019 13:34:26 +0000 (15:34 +0200)
committer	Jason A. Donenfeld <Jason@zx2c4.com>
	Fri, 19 Jul 2019 13:34:26 +0000 (15:34 +0200)