Prevent changing DACL by SetSecurityInfo

---

• From: "mario.beutler" <mario.beutler@xxxxxxxxxx>
• Date: 7 Feb 2007 02:49:44 -0800

---

Hello,

my service creates a Named Pipe with SECURITY_ATTRIBUTES (DACL) which
limit the access to SID of the active user. Is it possible that
another program change the DACL of the Named Pipe that everyone have
access?
How can I prevent this?
Thanks for your help!

Mario


My DACL is:
"D:"+SDDL_PROTECTED // Discretionary ACL
"(D;OICI;GA;;;BG)" // Deny access to built-in guests
"(D;OICI;GA;;;AN)" // Deny access to anonymous logon
"(A;OICI;GRGW;;;%%AvtiveUserSid%%)"

Does I have to add "(A;OICI;GRGWGX;;;CO)" // Allow read/write/execute
to creator/owner?

.

---

• Follow-Ups:
  • Re: Prevent changing DACL by SetSecurityInfo
    • From: Skywing [MVP]

• Prev by Date: Re: SID of remote user & LookupAccountSid
• Next by Date: Re: Vista Certificate Enrollment api
• Previous by thread: RE: Impersonation and remote registry access
• Next by thread: Re: Prevent changing DACL by SetSecurityInfo
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2007-02