Ian*_*dby 5 windows security named-pipes dacl
lpSecurityAttributes passed to CreateNamedPipe()?The MSDN documentation for CreateNamedPipe() says:
lpSecurityAttributes [in, optional]
A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new named pipe...
Emphasis mine. Does 'new' mean new named pipe, or new instance of the named pipe? It goes on to say:
Remarks
To create an instance of a named pipe by using CreateNamedPipe, the user must have FILE_CREATE_PIPE_INSTANCE access to the named pipe object. If a new named pipe is being created, the access control list (ACL) from the security attributes parameter defines the discretionary access control for the named pipe.
(Again, emphasis mine.) One could read this as meaning that lpSecurityAttributes is used only when creating the first instance of the named pipe (a new named pipe), and is ignored when creating further instances of the same named pipe. If so, then only one instance of the lpSecurityAttributes structure is required.
Or maybe you have to pass in a valid lpSecurityAttributes for each instance, but it can (should?) be the same one?
或者您可能必须为每个管道实例分配一个新的 SECURITY_ATTRIBUTES 结构?
我的相关问题 - SECURITY_ATTRIBUTES 结构是否可以在调用CreateNamedPipe()返回后立即销毁,或者它是否必须保持有效直到最后一个句柄(到管道,或者只是那个管道实例?)关闭 - 甚至没有解决。
有没有人对这两个问题有明确的答案?
您需要将有效的 SECURITY_ATTRIBUTES 结构或 NULL 传递给对 CreateNamedPipe 的每次调用。您可以为其他调用重用相同的结构,也可以使用单独的结构,以更方便的为准。在来自不同线程的多个同时调用中使用相同的结构可能不安全 - 我怀疑它会没问题,但无论如何我都会避免它。
“新”意味着“新管道”而不是“新实例”。如果命名管道已存在,则不会使用 lpSecurityDescriptor 成员中的 ACL。因此,如果您知道正在创建现有管道的新实例,并且不需要设置 bInheritHandle,则应该为 lpSecurityAttributes 传递 NULL。如果确实需要设置 bInheritHandle,请确保 lpSecurityDescriptor 为 NULL 或指向有效的安全描述符。
正如已经提到的,一旦调用返回,lpSecurityAttributes 中的内容就可以被丢弃(除非您计划在另一个调用中重用它!),是的,其中包括分配给安全描述符的内存。
| 归档时间: |
|
| 查看次数: |
906 次 |
| 最近记录: |