From: Jason A. Donenfeld Date: Fri, 8 Mar 2019 00:40:54 +0000 (+0100) Subject: uapi: windows: work out pipe semantics X-Git-Tag: 0.0.20190409~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c7cc256e39a772dcaeb879bb4371ecb68b3e280;p=thirdparty%2Fwireguard-go.git uapi: windows: work out pipe semantics Pipes can be arranged like this, so that's fine. We also apply a strict SDDL that can't be inherited and only gives access to local system. Developed-with: Odd Stranne
---
diff --git a/ipc/uapi_windows.go b/ipc/uapi_windows.go
index 209d0d2..158c5a8 100644
--- a/ipc/uapi_windows.go
+++ b/ipc/uapi_windows.go
@@ -48,9 +48,9 @@ func (l *UAPIListener) Addr() net.Addr {
 
 func UAPIListen(name string) (net.Listener, error) {
 config := winio.PipeConfig{
- SecurityDescriptor: "", //TODO: we want this to be a very locked down pipe.
+ SecurityDescriptor: "O:SYD:P(A;;GA;;;SY)", /* Local System only, not inheritable */
 }
- listener, err := winio.ListenPipe("\\\\.\\pipe\\wireguard\\"+name, &config) //TODO: choose sane name.
+ listener, err := winio.ListenPipe("\\\\.\\pipe\\WireGuard\\"+name, &config)
 if err != nil {
 return nil, err
 }
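Review bot: The SDDL literal on the added `SecurityDescriptor` line is, as far as this hunk shows, the only access control on the control pipe, and the trailing comment does not say which part of the string does what, so a later edit could widen access without it being obvious in review. I would hoist it into a named constant with a comment that decodes it, e.g. `// O:SY owner Local System; D:P protected DACL (no inherited ACEs); (A;;GA;;;SY) GENERIC_ALL for Local System only`. The same comment should state that no ACE is granted to any other principal, administrators included, so every client has to run as Local System; the commit message says this is intended. `UAPIListen` continues past the end of the hunk.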