From 32a11cfa559aa218c7577d26199622c84daf60f4 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 30 Aug 2019 13:32:12 -0600
Subject: manager: enforce client pipe ownership

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 manager/ipc_server.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'manager/ipc_server.go')

diff --git a/manager/ipc_server.go b/manager/ipc_server.go
index 3bb92066..9b2aac43 100644
--- a/manager/ipc_server.go
+++ b/manager/ipc_server.go
@@ -15,6 +15,7 @@ import (
 	"os"
 	"sync"
 	"sync/atomic"
+	"syscall"
 	"time"
 
 	"golang.org/x/sys/windows"
@@ -54,7 +55,11 @@ func (s *ManagerService) RuntimeConfig(tunnelName string, config *conf.Config) e
 	if err != nil {
 		return err
 	}
-	pipe, err := winpipe.DialPipe(pipePath, nil)
+	localSystem, err := windows.CreateWellKnownSid(windows.WinLocalSystemSid)
+	if err != nil {
+		return err
+	}
+	pipe, err := winpipe.DialPipe(pipePath, nil, (*syscall.SID)(localSystem))
 	if err != nil {
 		return err
 	}
-- 
cgit v1.2.3-59-g8ed1b