
I'm trying to set up a duplex named pipe in Windows using Golang and the https://pkg.go.dev/github.com/Microsoft/go-winio package.

The client runs as a regular process but the server runs elevated (the client starts the server via ShellExecute and the "runas" verb). Both must be able to read and write to the pipe.

The client is able to read (when tested just using os.Open) but it receives error golang.org/x/sys/windows.ERROR_ACCESS_DENIED (5) when doing read/write.

The server code is:

// ...
_ = os.Remove(pipePath)
pc := &winio.PipeConfig{
    InputBufferSize:    512,
    OutputBufferSize:   512,
}

l, err := winio.ListenPipe(pipePath, pc)
if err != nil {
    fmt.Println("Error creating pipe: ", err)
    os.Exit(255)
}
defer func(l net.Listener) {
    _ = l.Close()
}(l)
for {
    conn, err := l.Accept()
    if err != nil {
        fmt.Println("Error accepting connection: ", err)
        continue
    }
    // ...
}
// ...

I've tested many different SecurityDescriptor values in winio.PipeConfig to no avail.

And the client code is:

// ...
conn, err := winio.DialPipe(pipePath, nil)
// ...

Thanks in advance.

  • You need to figure out the correct SecurityDescriptor. You'll probably need to provide one that you expect to work, then maybe somebody could help you correct it.
    – erik258
    Commented Jun 22 at 22:21

1 Answer


Found the answer to my question: using the SecurityDescriptor D:P(A;;GA;;;AU), with the interesting part being A;;GA;;;AU, which means Allow Generic All (read/write) to all Authenticated Users. I further restricted the descriptor by replacing the AU part with the current user SID, so only the current authenticated user has access.
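
The SDDL string from the answer, taken apart field by field and rewritten for a single SID, as an added Go example (not code from the original post or from go-winio). `ParseDACL` and `RestrictTo` are hypothetical helper names, the SID is constructed, and only DACL-only strings with six-field ACEs are handled.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var sidRe = regexp.MustCompile(`^S-1-\d+(-\d+)+$`) // string-format SID

// ParseDACL (hypothetical helper) splits "D:P(A;;GA;;;AU)" into flags and six-field ACEs.
func ParseDACL(sddl string) (string, [][]string, error) {
	if !strings.HasPrefix(sddl, "D:") {
		return "", nil, fmt.Errorf("%q does not start with a DACL (D:)", sddl)
	}
	parts := strings.Split(sddl[2:], "(") // parts[0] = DACL flags, rest = "ace)"
	var aces [][]string
	for _, p := range parts[1:] {
		f := strings.Split(strings.TrimSuffix(p, ")"), ";")
		if !strings.HasSuffix(p, ")") || strings.Count(p, ")") != 1 || len(f) != 6 {
			return "", nil, fmt.Errorf("malformed or unsupported ACE %q", "("+p)
		}
		aces = append(aces, f)
	}
	return parts[0], aces, nil
}

// RestrictTo (hypothetical helper) rewrites trustee `from` (e.g. "AU") to one SID in every ACE.
func RestrictTo(sddl, from, sid string) (string, error) {
	if !sidRe.MatchString(sid) {
		return "", fmt.Errorf("%q is not a string-format SID", sid)
	}
	flags, aces, err := ParseDACL(sddl)
	if err != nil {
		return "", err
	}
	out := "D:" + flags
	for _, f := range aces {
		if f[5] == from { // field 5 is the trustee
			f[5] = sid
		}
		out += "(" + strings.Join(f, ";") + ")"
	}
	return out, nil
}

func main() {
	s, err := RestrictTo("D:P(A;;GA;;;AU)", "AU", "S-1-5-21-1111111111-2222222222-3333333333-1001")
	fmt.Println(s, err) // the SID above is constructed for illustration
}
```

The resulting string is what goes in the `SecurityDescriptor` field of `winio.PipeConfig`. If the elevation prompt is answered with a different account's credentials, the elevated server runs under that account's SID, so the SID granted in the ACE has to be the client's.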
