[Box Backup-dev] Reviewing code -- help!
Chris Wilson
boxbackup-dev at fluffy.co.uk
Thu Dec 15 15:13:36 GMT 2005
Hi Charles,
>> The pipe is created using PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE |
>> PIPE_WAIT, is that enough?
>
> No :-)
Of course not, that would be too easy :-)
>> Do I need to do anything on the client side, that opens the pipe with
> CreateFileW?
>
> Yes - have a look at SetNamedPipeHandleState. A pipe client always
> starts in byte mode.
Does this look OK to you?
mSocketHandle = CreateFileW(...)
...
DWORD Flags = PIPE_READMODE_MESSAGE | // put this end into message mode
PIPE_WAIT; // put this end into blocking mode
if (!SetNamedPipeHandleState(
mSocketHandle, // pipe handle
&Flags, // mode flags
NULL, // don't change the collection count
NULL)) // don't change the collect timeout
{
::syslog(LOG_ERR, "Failed to put pipe into message mode: "
"error %d", GetLastError());
THROW_EXCEPTION(ServerException, SocketOpenError)
}
> Also, you need to think carefully about having a NULL SA on the pipe;
> generally, this is a potential security problem.
How about this?
SECURITY_ATTRIBUTES Security;
Security.nLength = sizeof(SECURITY_ATTRIBUTES);
Security.lpSecurityDescriptor = NULL; // inherit from process
Security.bInheritHandle = FALSE; // don't pass to new processes
mSocketHandle = CreateNamedPipeW(
...
&Security); // use our security attributes
Both changes are now in
[http://bbdev.fluffy.co.uk/svn/box/chris/win32/pipe-security].
Thanks for your help!
Cheers, Chris.
--
_ ___ __ _
/ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
More information about the Boxbackup-dev
mailing list