Re: Duplicating handles from a Service process

From: Pavel Lebedinsky (m_pll)
Date: 01/31/04


Date: Fri, 30 Jan 2004 19:09:53 -0800


"Otto" <OttoVonRix@iname.com> wrote:

> That's what I feared...
>
> Then riddle me this: Is there any way to create a named pipe
> on NT that can't be connected to from the network?
> This is essentially what I was trying to do by sharing handles
> to anonymous pipes.
>
> I can't figure out how to set the security descriptor to do this.

You could deny access to SECURITY_NETWORK_RID.

Or use a DACL that gives access only to some specific
local group or well-known SID that all your clients will have.
For example, if your clients are interactive users, give access
to SECURITY_INTERACTIVE_RID.
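The two suggestions in the reply above can be combined in one DACL, shown here as an added example that is not part of the original post. The function names, the pipe name and the extra LocalSystem ACE (so the service keeps access to its own pipe) are assumptions; `NU` and `IU` are the SDDL aliases for SECURITY_NETWORK_RID and SECURITY_INTERACTIVE_RID.

```c
/* Added example: DACL for a named pipe that denies network logons. */
#include <stdio.h>
#include <string.h>

/* Writes "D:(D;;GA;;;NU)(A;;GA;;;SY)(A;;GRGW;;;<alias>)" into buf.
 * The deny ACE for NU (S-1-5-2) comes first so it is evaluated before any
 * allow ACE. client_alias is a two-letter SDDL SID alias such as "IU".
 * Returns 0 on success, -1 on a bad alias or a buffer that is too small. */
int build_pipe_sddl(const char *client_alias, char *buf, size_t n)
{
    int len;
    if (client_alias == NULL || strlen(client_alias) != 2) return -1;
    len = snprintf(buf, n, "D:(D;;GA;;;NU)(A;;GA;;;SY)(A;;GRGW;;;%s)", client_alias);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>               /* link with advapi32 */

/* Creates the pipe with the DACL above; interactive users are the clients. */
HANDLE create_local_pipe(const char *name)
{
    char sddl[64];
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, FALSE };
    HANDLE h;
    if (build_pipe_sddl("IU", sddl, sizeof sddl) != 0) return INVALID_HANDLE_VALUE;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))
        return INVALID_HANDLE_VALUE;
    h = CreateNamedPipeA(name, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_WAIT,
                         PIPE_UNLIMITED_INSTANCES, 4096, 4096, 0, &sa);
    LocalFree(sa.lpSecurityDescriptor);   /* the pipe keeps its own copy */
    return h;
}
#endif

int main(void)
{
    char sddl[64];
    if (build_pipe_sddl("IU", sddl, sizeof sddl) != 0) return 1;
    printf("DACL: %s\n", sddl);
#ifdef _WIN32
    {   /* hypothetical pipe name, chosen for this example */
        HANDLE h = create_local_pipe("\\\\.\\pipe\\example_local_only");
        if (h == INVALID_HANDLE_VALUE) return 1;
        CloseHandle(h);
    }
#endif
    return 0;
}
```

On Windows Vista and later, the PIPE_REJECT_REMOTE_CLIENTS pipe mode flag can be added to the CreateNamedPipe call as a second barrier alongside the DACL.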


