Add authentication/encryption when using pipes for IPC #19109
This fixes a potential Atom security issue caused by the fact that on Windows machines there are no ACL mechanisms for named pipes.
Atom has some logic to share the same main process when opening different instances (or windows) of the editor.
Currently, this is done in Windows by creating a named pipe the first time that Atom is launched, so subsequent launches can check if the pipe exists and, if so, they pass the needed information to launch the new window through the pipe to the main process.
The created pipe name contains some additional information (the Atom version, the local username of whoever is launching Atom, the CPU architecture); this way multiple users can have different instances of Atom open without affecting each other.
In Windows, named pipes are global and available system-wide: any user can create a named pipe, list all the named pipes that exist on the system, connect to any named pipe or sniff messages that travel through any named pipe.
This solution provides 3 different takes:
In order to implement this whole flow, the server and the clients share a single secret which gets stored in the
The secret file name contains the username and the Atom version (e.g
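
A sketch of what the shared secret buys the main process, as an added example that is not code from this PR or from Atom: the client seals its launch options with the secret and the server drops anything that does not authenticate. AES-256-GCM, the wire layout, the function names and the sample option fields are assumptions made for illustration.

```javascript
// Added example: AES-256-GCM is an assumed construction, not taken from the PR.
const crypto = require('node:crypto');

// Hypothetical helper: stands in for the 32-byte secret that both the
// server and the clients would read from the shared secret file.
function newSecret() {
  return crypto.randomBytes(32);
}

// Client side: encrypt and authenticate the launch options before they
// are written to the pipe.
function seal(secret, options) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', secret, iv);
  const body = Buffer.concat([
    cipher.update(JSON.stringify(options), 'utf8'),
    cipher.final(),
  ]);
  return JSON.stringify({
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  });
}

// Server side: returns the parsed options, or null when the message was not
// produced with the same secret, was modified in transit, or is malformed.
function unseal(secret, wire) {
  try {
    const msg = JSON.parse(wire);
    const iv = Buffer.from(msg.iv, 'base64');
    const tag = Buffer.from(msg.tag, 'base64');
    if (iv.length !== 12 || tag.length !== 16) return null; // no truncated tags
    const decipher = crypto.createDecipheriv('aes-256-gcm', secret, iv);
    decipher.setAuthTag(tag);
    const plain = Buffer.concat([
      decipher.update(Buffer.from(msg.body, 'base64')),
      decipher.final(), // throws when the tag does not verify
    ]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // treat every failure the same way: ignore the message
  }
}
```

A process that can connect to the pipe but cannot read the secret file gets `null` from `unseal` for anything it writes, and sees only ciphertext for anything it reads.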