authorJason A. Donenfeld <Jason@zx2c4.com>2019-07-19 15:59:53 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-07-19 15:59:53 +0200
commit11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21 (patch)
tree8346fd7c7ecaeb7260a8c80ee9df5942a100797b /tunnel/service.go
parentringlogger: windows only (diff)
downloadwireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.tar.xz
wireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.zip
tunnel: extract owner of config file for pipe dacl
If the config file is unencrypted and its owner is not Local System, then we allow the runtime named pipe to be accessed by that owner, since generally the private key is already stored in the config file. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rw-r--r--tunnel/service.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/tunnel/service.go b/tunnel/service.go
index c0ead084..752b9561 100644
--- a/tunnel/service.go
+++ b/tunnel/service.go
@@ -117,6 +117,11 @@ func (service *Service) Execute(args []string, r <-chan svc.ChangeRequest, chang
serviceError = services.ErrorLoadConfiguration
return
}
+ err = CopyConfigOwnerToIPCSecurityDescriptor(service.Path)
+ if err != nil {
+ serviceError = services.ErrorLoadConfiguration
+ return
+ }
logPrefix := fmt.Sprintf("[%s] ", conf.Name)
log.SetPrefix(logPrefix)
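Review bot: The added `CopyConfigOwnerToIPCSecurityDescriptor(service.Path)` call derives the pipe's DACL from a second lookup of the path, separate from whatever read produced `conf` earlier in `Execute`, so the owner granted access to the runtime pipe is not tied to the file whose contents were actually loaded. The helper's body is not in this hunk, so whether it guards against the file being replaced or re-owned between the two steps cannot be confirmed here; if it does not, taking the owner from the same open handle used to load the config would close that gap. The failure branch also drops `err` and reuses `services.ErrorLoadConfiguration`, so a security-descriptor failure looks the same as a config load failure to an operator; logging it before the return, e.g. `log.Printf("Unable to copy config owner to IPC security descriptor: %v", err)`, would make the fail-closed path diagnosable, unless a deferred handler outside the hunk already reports `err`. `Execute` starts and ends outside the hunk.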