[ https://issues.apache.org/jira/browse/THRIFT-5388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315188#comment-17315188 ]
Steven commented on THRIFT-5388: -------------------------------- Hi Jens, Thanks for your support. Besides the flag "FILE_FLAG_OVERLAPPED", also want to add more flags like *SECURITY_SQOS_PRESENT* | *SECURITY_IDENTIFICATION* to avoid server impersonating the client, unless the server is executing under the same security context as the client. > Named Pipes transport hardening > ------------------------------- > > Key: THRIFT-5388 > URL: https://issues.apache.org/jira/browse/THRIFT-5388 > Project: Thrift > Issue Type: Bug > Components: C++ - Library > Reporter: Steven > Priority: Major > > In current codes "lib\cpp\src\thrift\transport\TPipe.cpp", the flags to > connect the named pipe is always FILE_FLAG_OVERLAPPED. It is not possible to > set more security flags to avoid the named pipe server misuse the named pipe > client's identify by > [impersonatenamedpipeclient|https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-impersonatenamedpipeclient]. > Could we provide the API to set these flags? Thanks. > Codes in "TPipe::open()" are listed below: > DWORD flags = FILE_FLAG_OVERLAPPED; > hPipe.reset(CreateFileA(pipename_.c_str(), GENERIC_READ | GENERIC_WRITE, 0, > nullptr, OPEN_EXISTING, flags, nullptr)); -- This message was sent by Atlassian Jira (v8.3.4#803005)