[ovs-dev] [PATCH v2] Windows: Secure the namedpipe implementation
Alin Serdean
aserdean at cloudbasesolutions.com
Sat May 6 00:26:48 UTC 2017
The idea is if I start ovs-vswitchd/ovsdb-server under user: bla. I could run ovs-vsctl show under user:bla. Without the need of elevation.
In summary, the users should be: services, administrators, creator(owner).
Thanks,
Alin.
> -----Original Message-----
> From: Sairam Venugopal [mailto:vsairam at vmware.com]
> Sent: Saturday, May 6, 2017 3:16 AM
> To: Alin Serdean <aserdean at cloudbasesolutions.com>;
> dev at openvswitch.org
> Subject: Re: [ovs-dev] [PATCH v2] Windows: Secure the namedpipe
> implementation
>
> Hi Alin,
>
> I think the existing behavior requires an elevated Command
> Prompt/powershell to execute OVS commands.
[Alin Serdean] Not all of them 😊. It would aid devs a lot if they test just userspace binaries. I.e. Starting ovsdb-server and playing around with ovsdb-client will work. You can do this now w/o elevated prompts.
>
>
> Eg: Running 'ovs-appctl list-commands’ on non-Adminsitrator CMD will
> complain that access is denied to the namedpipe.
>
> Are you thinking of other cases where the current user is non-administrator
> and can still access the namedpipe?
>
> Thanks,
> Sairam
>
>
>
>
>
> On 5/5/17, 4:17 PM, "Alin Serdean" <aserdean at cloudbasesolutions.com>
> wrote:
>
> >Hi Sai,
> >
> >Thanks a lot for the patch!
> >
> >Could you please add the current user to the accepted list?
> >
> >We need them for testing and users to be able to run the binaries w/o
> elevation (i.e. make check on own laptop without elevated prompt).
> >
> >Let me know if I can help you with that!
> >
> >Some small nits inlined.
> >
> >Thanks,
> >Alin.
> >
More information about the dev
mailing list