On Wed, Jun 19, 2024 at 9:47 AM Lev Stipakov <[email protected]> wrote:
> At the moment everyone but anonymous are permitted > to create a pipe with the same name as interactive service creates, > which makes it possible for malicious process with SeImpersonatePrivilege > impersonate as local user. > > This hardens the security of the pipe, making it possible only for > processes running as SYSTEM (such as interactive service) create the > pipe with the same name. > > While on it, replace EXPLICIT_ACCESS structures with SDDL string. > > CVE: 2024-4877 > > Change-Id: I35e783b79a332d247606e05a39e41b4d35d39b5d > Reported by: Zeze with TeamT5 <[email protected]> > Signed-off-by: Lev Stipakov <[email protected]> > --- > v2: > - ensure that sd is freed even if pipe creation failed > - added Reported-By > Acked-by: Selva Nair <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
