[ovs-git] [openvswitch/ovs] 929dc9: lib/stream-windows.c: Grant Access Privilege of Na...

Alin Gabriel Serdean noreply at github.com
Fri Jan 24 14:51:49 UTC 2020


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 929dc96d0bca21fe3dc134cf45c3e0718811536a
      https://github.com/openvswitch/ovs/commit/929dc96d0bca21fe3dc134cf45c3e0718811536a
  Author: Ning Wu <nwu at vmware.com>
  Date:   2020-01-24 (Fri, 24 Jan 2020)

  Changed paths:
    M Documentation/ref/ovsdb.7.rst
    M lib/stream-windows.c

  Log Message:
  -----------
  lib/stream-windows.c: Grant Access Privilege of Named Pipe to Creator

Current implementation of ovs on windows only allows LocalSystem and
Administrators to access the named pipe created with API of ovs.
Thus any service that needs to invoke the API to create named pipe
has to run as System account to interactive with ovs. It causes the
system more vulnerable if one of those services was break into.
The patch adds the creator owner account to allowed ACLs.

Signed-off-by: Ning Wu <nwu at vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean at ovn.org>
Acked-by: Anand Kumar <kumaranand at vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>




More information about the git mailing list