-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't change NamedPipe permissions with Windows #47086
Comments
For my understanding: what specific API inside node are you referring to? |
I created Windows named pipes like this: var net = require('net');
var PIPE_NAME = "mypipe";
var PIPE_PATH = "\\\\.\\pipe\\" + PIPE_NAME;
var L = console.log;
var server = net.createServer(function(stream) {
L('Server: on connection')
stream.on('data', function(c) {
L('Server: on data:', c.toString());
});
stream.on('end', function() {
L('Server: on end')
server.close();
});
stream.write('Take it easy!');
});
server.on('close',function(){
L('Server: on close');
})
server.listen(PIPE_PATH,function(){
L('Server: on listening');
})
// == Client part == //
var client = net.connect(PIPE_PATH, function() {
L('Client: on connection');
})
client.on('data', function(data) {
L('Client: on data:', data.toString());
client.end('Thanks!');
});
client.on('end', function() {
L('Client: on end');
}) Example is from here: https://stackoverflow.com/questions/11750041/how-to-create-a-named-pipe-in-node-js The problem is that, AFAIK, in Windows named pipes are created using the network subsystem, not using files. |
Node (well, libuv) calls CreateNamedPipe() with the WRITE_DAC (but not WRITE_OWNER) flag and default security attributes, meaning:
Excluding some of those may be reasonable (or maybe not, I'm undecided) but as node has worked this way since basically forever any change in default behavior risks breaking existing libraries or applications, so we're unlikely to make that change. (As well, since you're the first one to bring this up, it seems like a safe bet the default is working fine for most users.) An opt-in could work but you'll have to pursue that by modifying libuv (open an issue first to hash out the details) and then changing node to make use of the new libuv API. If you don't plan on working on that, fair, but then please close the issue. |
I assume the lack of reply means you're not intending to pursue this. I'll close out the issue. |
Version
16.15.1
Platform
Windows 11
Subsystem
net
What steps will reproduce the bug?
The API for creating a named pipe in Windows does not allow setting permissions of the named pipe and by default pipes are readable by everyone. This makes secure programming very difficult.
How often does it reproduce? Is there a required condition?
Always.
What is the expected behavior?
No response
What do you see instead?
Either default permissions should be set to current user only or an API should be provided to set the permissions.
Additional information
No response
The text was updated successfully, but these errors were encountered: