From 323b0d3fdf9e0a1ff2594a4d97d54fbbafccb181 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 13 May 2014 19:19:28 +0000 Subject: [PATCH] Explicitly set the owning SID in make_private_security_descriptor. Philippe Maupertuis reports that on one particular machine, Windows causes the named pipe created by upstream PuTTY to be owned by the Administrators group SID rather than the user's SID, which defeats the security check in the downstream PuTTY. No other machine has been reported to do this, but nonetheless it's clearly a thing that can sometimes happen, so we now work around it by specifying explicitly in the security descriptor for the pipe that its owner should be the user SID rather than any other SID we might have the right to use. [originally from svn r10188] --- windows/winsecur.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/winsecur.c b/windows/winsecur.c index d04e88a9..df93a74c 100644 --- a/windows/winsecur.c +++ b/windows/winsecur.c @@ -187,6 +187,12 @@ int make_private_security_descriptor(DWORD permissions, goto cleanup; } + if (!SetSecurityDescriptorOwner(*psd, usersid, FALSE)) { + *error = dupprintf("unable to set owner in security descriptor: %s", + win_strerror(GetLastError())); + goto cleanup; + } + if (!SetSecurityDescriptorDacl(*psd, TRUE, *acl, FALSE)) { *error = dupprintf("unable to set DACL in security descriptor: %s", win_strerror(GetLastError()));