From 15b24b6179e078c799946f279bb5ac30053fd02d Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Thu, 24 Jun 2021 01:19:29 +0200
Subject: ipc: allow admins but require high integrity label

Might be more reasonable.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 ipc/uapi_windows.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ipc/uapi_windows.go b/ipc/uapi_windows.go
index 3e2709c..a4d68da 100644
--- a/ipc/uapi_windows.go
+++ b/ipc/uapi_windows.go
@@ -54,8 +54,7 @@ var UAPISecurityDescriptor *windows.SECURITY_DESCRIPTOR
 
 func init() {
 	var err error
-	/* SDDL_DEVOBJ_SYS_ALL from the WDK */
-	UAPISecurityDescriptor, err = windows.SecurityDescriptorFromString("O:SYD:P(A;;GA;;;SY)")
+	UAPISecurityDescriptor, err = windows.SecurityDescriptorFromString("O:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)S:(ML;;NWNRNX;;;HI)")
 	if err != nil {
 		panic(err)
 	}
-- 
cgit v1.2.3-59-g8ed1b