diff options
author | Ning Wu <nwu@vmware.com> | 2020-01-21 23:46:58 -0800 |
---|---|---|
committer | Alin Gabriel Serdean <aserdean@ovn.org> | 2020-01-24 16:51:34 +0200 |
commit | 929dc96d0bca21fe3dc134cf45c3e0718811536a (patch) | |
tree | 928b1688b05aec53287f9bf271c5e0c68f9d4f98 /Documentation/ref | |
parent | dbbd0cf64492426938c4ad3177cabb444b1e9163 (diff) | |
download | openvswitch-929dc96d0bca21fe3dc134cf45c3e0718811536a.tar.gz |
lib/stream-windows.c: Grant Access Privilege of Named Pipe to Creator
Current implementation of ovs on windows only allows LocalSystem and
Administrators to access the named pipe created with API of ovs.
Thus any service that needs to invoke the API to create named pipe
has to run as System account to interactive with ovs. It causes the
system more vulnerable if one of those services was break into.
The patch adds the creator owner account to allowed ACLs.
Signed-off-by: Ning Wu <nwu@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'Documentation/ref')
-rw-r--r-- | Documentation/ref/ovsdb.7.rst | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index b1f3f5d49..da4dbedd2 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -422,7 +422,8 @@ punix:<file> named <file>. On Windows, listens on a local named pipe, creating a named pipe - <file> to mimic the behavior of a Unix domain socket. + <file> to mimic the behavior of a Unix domain socket. The ACLs of the named + pipe include LocalSystem, Administrators, and Creator Owner. All IP-based connection methods accept IPv4 and IPv6 addresses. To specify an IPv6 address, wrap it in square brackets, e.g. ``ssl:[::1]:6640``. Passive |