ipc: allow admins but require high integrity label

author Jason A. Donenfeld <Jason@zx2c4.com>

Wed, 23 Jun 2021 23:19:29 +0000 (01:19 +0200)

committer Jason A. Donenfeld <Jason@zx2c4.com>

Thu, 24 Jun 2021 15:01:02 +0000 (17:01 +0200)
author Jason A. Donenfeld <Jason@zx2c4.com>
Wed, 23 Jun 2021 23:19:29 +0000 (01:19 +0200)
committer Jason A. Donenfeld <Jason@zx2c4.com>
Thu, 24 Jun 2021 15:01:02 +0000 (17:01 +0200)
diff --git a/ipc/uapi_windows.go b/ipc/uapi_windows.go

index 3e2709cee64ac9c73d460cec27365e34f9e6b1a3..a4d68da81b8ce7aa2eb1ac85af1e32079ebc8ab2 100644 (file)
--- a/ipc/uapi_windows.go
+++ b/ipc/uapi_windows.go
@@ -54,8 +54,7 @@ var UAPISecurityDescriptor *windows.SECURITY_DESCRIPTOR
  
  func init() {
         var err error
-       /* SDDL_DEVOBJ_SYS_ALL from the WDK */
-       UAPISecurityDescriptor, err = windows.SecurityDescriptorFromString("O:SYD:P(A;;GA;;;SY)")
+       UAPISecurityDescriptor, err = windows.SecurityDescriptorFromString("O:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)S:(ML;;NWNRNX;;;HI)")
         if err != nil {
                 panic(err)
         }
author	Jason A. Donenfeld <Jason@zx2c4.com>
	Wed, 23 Jun 2021 23:19:29 +0000 (01:19 +0200)
committer	Jason A. Donenfeld <Jason@zx2c4.com>
	Thu, 24 Jun 2021 15:01:02 +0000 (17:01 +0200)