ipc: allow admins but require high integrity label

Might be more reasonable. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-24 01:19:29 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-24 17:01:02 +0200
commit: 15b24b6179e078c799946f279bb5ac30053fd02d (patch)
tree: 9801ab694b3f3a082007e294b9b63e0731e34d03
parent: device: zero out allowedip node pointers when removing (diff)
download: wireguard-go-15b24b6179e078c799946f279bb5ac30053fd02d.tar.xz
wireguard-go-15b24b6179e078c799946f279bb5ac30053fd02d.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/ipc/uapi_windows.go b/ipc/uapi_windows.go
index 3e2709c..a4d68da 100644
--- a/ipc/uapi_windows.go
+++ b/ipc/uapi_windows.go
@@ -54,8 +54,7 @@ var UAPISecurityDescriptor *windows.SECURITY_DESCRIPTOR
 
 func init() {
 	var err error
-	/* SDDL_DEVOBJ_SYS_ALL from the WDK */
-	UAPISecurityDescriptor, err = windows.SecurityDescriptorFromString("O:SYD:P(A;;GA;;;SY)")
+	UAPISecurityDescriptor, err = windows.SecurityDescriptorFromString("O:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)S:(ML;;NWNRNX;;;HI)")
 	if err != nil {
 		panic(err)
 	}
author	Jason A. Donenfeld <Jason@zx2c4.com>	2021-06-24 01:19:29 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2021-06-24 17:01:02 +0200
commit	15b24b6179e078c799946f279bb5ac30053fd02d (patch)
tree	9801ab694b3f3a082007e294b9b63e0731e34d03
parent	device: zero out allowedip node pointers when removing (diff)
download	wireguard-go-15b24b6179e078c799946f279bb5ac30053fd02d.tar.xz wireguard-go-15b24b6179e078c799946f279bb5ac30053fd02d.zip