I'm working on an application which is made of two modules. These modules communicate through named pipes in the following environment:
The answer I posted in December does work, despite the anonymous drive-by voting down which someone indulged themselves in. (At least, it does on Vista SP2 and I don't think there are any differences between Vista and Windows 7 which would affect this issue).
Here is a different approach which also works, specifying the DACL within the SDDL string used inside the pipe factory class:
Change the line in the CreateLowIntegrityNamedPipe(string pipeName) method which calls ConvertStringSecurityDescriptorToSecurityDescriptor, thus:
    // The second argument, 1, is the SDDL revision (SDDL_REVISION_1).
    bool result = ConvertStringSecurityDescriptorToSecurityDescriptor(
        CreateSddlForPipeSecurity(), 1, out securityDescriptorPtr,
        out securityDescriptorSize);
and provide an additional private static method, something like:
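    // Requires: using System.Text; using System.Security.Principal;
    private static string CreateSddlForPipeSecurity()
    {
        // SACL: mandatory label, Low integrity, no-write-up policy.
        const string LOW_INTEGRITY_LABEL_SACL = "S:(ML;;NW;;;LW)";
        // DACL entry for WD (Everyone): access mask 0x12019b.
        const string EVERYONE_CLIENT_ACE = "(A;;0x12019b;;;WD)";
        // DACL entry for the caller's SID: access mask 0x12019f.
        const string CALLER_ACE_TEMPLATE = "(A;;0x12019f;;;{0})";

        StringBuilder sb = new StringBuilder();
        sb.Append(LOW_INTEGRITY_LABEL_SACL);
        sb.Append("D:");
        sb.Append(EVERYONE_CLIENT_ACE);
        sb.AppendFormat(CALLER_ACE_TEMPLATE, WindowsIdentity.GetCurrent().Owner.Value);
        return sb.ToString();
    }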
My version sets the pipe access to allow any authenticated user to be a pipe client. You could add additional features to the pipe factory class to specify a list of allowed client SIDs or such like.
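An added audit helper (not part of the original answer) that decodes the SDDL string built by CreateSddlForPipeSecurity() to show what each ACE grants on the pipe: the two masks differ only in the FILE_CREATE_PIPE_INSTANCE bit, which the WD (Everyone) entry lacks. The caller SID is a constructed placeholder, and the function names and the choice of "broad" SIDs and "risky" rights are assumptions of this example.

```python
import re

# Access bits as they apply to a named pipe (values from winnt.h).
PIPE_RIGHTS = {
    0x000001: "FILE_READ_DATA", 0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_CREATE_PIPE_INSTANCE", 0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA", 0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
LABEL_POLICY = {"NW": "NO_WRITE_UP", "NR": "NO_READ_UP", "NX": "NO_EXECUTE_UP"}
SID_ALIASES = {"WD": "Everyone", "AU": "Authenticated Users", "AN": "Anonymous Logon",
               "BU": "Builtin Users", "LW": "Low Mandatory Level"}
BROAD_SIDS = {"WD", "AU", "AN", "BU"}                       # assumption: "wide" trustees
RISKY_RIGHTS = {"FILE_CREATE_PIPE_INSTANCE", "WRITE_DAC", "WRITE_OWNER"}

# Constructed sample: the string the answer's method returns, with a placeholder caller SID.
CALLER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_SDDL = "S:(ML;;NW;;;LW)D:(A;;0x12019b;;;WD)(A;;0x12019f;;;" + CALLER_SID + ")"

def decode_rights(ace_type, rights):
    if ace_type == "ML":                      # mandatory label: rights field is a policy
        return [LABEL_POLICY.get(rights, rights)]
    if rights.lower().startswith("0x"):       # numeric access mask
        mask = int(rights, 16)
        return [name for bit, name in PIPE_RIGHTS.items() if mask & bit]
    return [rights]                           # symbolic rights (e.g. "GA") left undecoded

def parse_sddl(sddl):
    aces = []
    for section, _flags, body in re.findall(r"([DS]):([A-Z]*)((?:\([^)]*\))+)", sddl):
        for ace in re.findall(r"\(([^)]*)\)", body):
            ace_type, _fl, rights, _og, _ig, sid = ace.split(";")[:6]
            aces.append({"acl": "DACL" if section == "D" else "SACL",
                         "type": ace_type, "sid": sid,
                         "trustee": SID_ALIASES.get(sid, sid),
                         "rights": decode_rights(ace_type, rights)})
    return aces

def findings(aces):
    """Allow-ACEs that give a broad trustee a right only the server should hold."""
    return [(a["trustee"], r) for a in aces
            if a["type"] == "A" and a["sid"] in BROAD_SIDS
            for r in a["rights"] if r in RISKY_RIGHTS]

if __name__ == "__main__":
    for ace in parse_sddl(SAMPLE_SDDL):
        print(ace["acl"], ace["type"], ace["trustee"], ", ".join(ace["rights"]))
    print("findings:", findings(parse_sddl(SAMPLE_SDDL)))
```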