Named pipes permissions
来源:互联网 发布:马云大数据演讲那个省 编辑:程序博客网 时间:2024/06/06 11:21
Named pipes permissions
Named pipes are implemented by a filesystem driver in Windows NT, npfs.sys, which supports security descriptors on each named pipe. These security descriptors are used to control access to named pipes. It is possible to use the pipeacl tool ([42], [43]) to examine and modify security descriptors on named pipes.
In Windows 2000, named pipes DACL (Discretionnary Access Control Lists) grant permissions to EVERYONE and ADMINISTRATORS for most named pipes used as MSRPC endpoints. Because ANONYMOUS LOGON is included in EVERYONE in Windows 2000, named pipes permissions allow anonymous accesses.
E:/>pipeacl /??/pipe/lsarpc
Revision: 1
Reserved: 0
Control : 8004
Owner: BUILTIN/Administrators (S-1-5-32-544)
Group: SYSTEM (S-1-5-18)
Sacl: Not present
Dacl: 2 aces
(A) (00) 0012019b : Everyone (S-1-1-0)
(A) (00) 001f01ff : BUILTIN/Administrators (S-1-5-32-544)
In Windows XP and Windows Server 2003, DACL grant permissions to EVERYONE, ANONYMOUS LOGON and ADMINISTRATORS. EVERYONE and ANONYMOUS LOGON are given exactly the same permissions: permissions are thus exactly equivalent to Windows 2000 permissions (starting with Windows XP, EVERYONE does not include ANONYMOUS LOGON so ANONYMOUS LOGON must explicitely appear in ACL).
C:/>pipeacl /??/pipe/lsarpc
Revision: 1
Reserved: 0
Control : 8004
Owner: BUILTIN/Administrators (S-1-5-32-544)
Group: SYSTEM (S-1-5-18)
Sacl: Not present
Dacl: 3 aces
(A) (00) 001f01ff : BUILTIN/Administrators (S-1-5-32-544)
(A) (00) 0012019b : Anonymous (S-1-5-7)
(A) (00) 0012019b : Everyone (S-1-1-0)
It is possible to modify ACL on named pipes using pipeacl and typically either add a deny ACE for ANONYMOUS LOGON in Windows 2000 or remove the ACE for ANONYMOUS LOGON in Windows XP and Windows Server 2003.
When permissions are manually removed for ANONYMOUS LOGON for named pipes that are either hardcoded in the SMB server driver or found in the NullSessionPipes registry value such as lsarpc, it is no longer possible to open this pipe in the context of a NULL session.
To conclude, permissions on named permissions are typically not used for NULL sessions restrictions because, by default, DACL allow accesses for ANONYMOUS LOGON. It is not really practical to modify default DACL, given that modifications of DACL on named pipes are not persistent (because named pipes are created by RPC services at startup).
- Named pipes permissions
- Windows named pipes exploitation
- Named Pipes 连接
- Deletion of open named pipes
- Named Pipes Provider, error: 40 完全解决方案
- 命名管道(Named Pipes)通信学习
- unix domain socket VS named pipes
- (provider: Named Pipes Provider, error: 40
- Mysql - disable TCP/IP connections and enable named pipes
- 使用 Named Pipes 创建有效的连接字符串
- 使用 Named Pipes 创建有效的连接字符串
- 【三层】问题 — provider:Named Pipes Provider,error:40
- Pipes
- 解决Asp.net 2.0 连接Sqlserver2000时报“provider: Named Pipes Provider, error: 40 ”的错误。
- How to: Use Named Pipes to Communicate Between Processes over a Network
- Named Pipes Provider: Could not open a connection to SQL Server [53]
- 解决:provider:Named Pipes Provider error:40无法打开SQL Server的连接
- provider:Named Pipes Provider,error:40 - 无法打开SQL Server的连接
- Windows network services internals 1
- 关于中间件TUXEDO的开发
- linux用户帐户管理常见问题
- 一生要做的五十件事(三)
- 深入探讨数据仓库缓慢变化维的解决方案
- Named pipes permissions
- 深入浅出MS06-040
- 通用Web分页功能一例
- 清除IE右键的菜单项 迅雷截图功能
- 今天看朋友的博客听说了这个地方
- 函数指针的用法
- 关于Microsoft Agent 动画制作
- 通往python之路(一)
- PHP的服务器Apache中httpd.conf 的中文详解