Can't change NamedPipe permissions with Windows #47086

Closed
apirila opened this issue Mar 14, 2023 · 4 comments
Labels
windows Issues and PRs related to the Windows platform.

apirila commented Mar 14, 2023

Version

16.15.1

Platform

Windows 11

Subsystem

net

What steps will reproduce the bug?

The API for creating a named pipe in Windows does not allow setting permissions of the named pipe and by default pipes are readable by everyone. This makes secure programming very difficult.

How often does it reproduce? Is there a required condition?

Always.

What is the expected behavior?

No response

What do you see instead?

Either default permissions should be set to current user only or an API should be provided to set the permissions.

Additional information

No response

@bnoordhuis bnoordhuis added the windows Issues and PRs related to the Windows platform. label Mar 14, 2023
bnoordhuis (Member) commented

> The API for creating a named pipe in Windows

For my understanding: what specific API inside node are you referring to?

apirila (Author) commented Mar 14, 2023

I created Windows named pipes like this:

```javascript
var net = require('net');

// Windows named pipes live under the \\.\pipe\ namespace.
var PIPE_NAME = "mypipe";
var PIPE_PATH = "\\\\.\\pipe\\" + PIPE_NAME;

var L = console.log;

// == Server part == //
// The callback runs once per client connection; `stream` is that client's socket.
var server = net.createServer(function(stream) {
    L('Server: on connection')

    stream.on('data', function(c) {
        L('Server: on data:', c.toString());
    });

    stream.on('end', function() {
        L('Server: on end')
        server.close();
    });

    stream.write('Take it easy!');
});

server.on('close',function(){
    L('Server: on close');
})

// Passing a pipe path instead of a port makes listen() create the named pipe.
server.listen(PIPE_PATH,function(){
    L('Server: on listening');
})

// == Client part == //
var client = net.connect(PIPE_PATH, function() {
    L('Client: on connection');
})

client.on('data', function(data) {
    L('Client: on data:', data.toString());
    client.end('Thanks!');
});

client.on('end', function() {
    L('Client: on end');
})
```

Example is from here: https://stackoverflow.com/questions/11750041/how-to-create-a-named-pipe-in-node-js

The problem is that, AFAIK, in Windows named pipes are created using the network subsystem, not using files.

bnoordhuis (Member) commented

Node (well, libuv) calls CreateNamedPipe() with the WRITE_DAC (but not WRITE_OWNER) flag and default security attributes, meaning:

> The ACLs in the default security descriptor for a named pipe grant full control to the LocalSystem account, administrators, and the creator owner. They also grant read access to members of the Everyone group and the anonymous account.

Excluding some of those may be reasonable (or maybe not, I'm undecided) but as node has worked this way since basically forever any change in default behavior risks breaking existing libraries or applications, so we're unlikely to make that change.

(As well, since you're the first one to bring this up, it seems like a safe bet the default is working fine for most users.)

An opt-in could work but you'll have to pursue that by modifying libuv (open an issue first to hash out the details) and then changing node to make use of the new libuv API.

If you don't plan on working on that, fair, but then please close the issue.
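
Since the thread leaves the pipe's default ACL in place, a server can instead refuse to handle or send any data until the peer proves knowledge of a shared secret. The following is an added example, not code from this issue or from Node/libuv; the function names are hypothetical and `secret` is assumed to be a Buffer distributed out of band (for instance a file readable only by the current user). It does not change the pipe's ACL.

```javascript
// Added example: HMAC challenge-response in front of a net pipe server.
// Assumption: `secret` is a Buffer both sides obtained out of band.
const net = require('net');
const crypto = require('crypto');
const TAG_LEN = 32; // SHA-256 output size; the nonce uses the same length

// HMAC-SHA256 over the server's nonce, keyed with the shared secret.
function answerChallenge(secret, nonce) {
  return crypto.createHmac('sha256', secret).update(nonce).digest();
}

// Constant-time comparison; the length check keeps timingSafeEqual from throwing.
function verifyAnswer(secret, nonce, answer) {
  const expected = answerChallenge(secret, nonce);
  return answer.length === expected.length && crypto.timingSafeEqual(answer, expected);
}

// Server side: send a fresh nonce per connection and pass data to onData
// only after the peer has returned the matching HMAC.
function createAuthenticatedServer(secret, onData) {
  return net.createServer(function (stream) {
    const nonce = crypto.randomBytes(TAG_LEN);
    let pending = Buffer.alloc(0);
    let authenticated = false;
    stream.on('error', function () { stream.destroy(); });
    stream.on('data', function (chunk) {
      if (authenticated) return onData(stream, chunk);
      pending = Buffer.concat([pending, chunk]);
      if (pending.length < TAG_LEN) return; // answer not complete yet
      if (!verifyAnswer(secret, nonce, pending.subarray(0, TAG_LEN))) return stream.destroy();
      authenticated = true;
      if (pending.length > TAG_LEN) onData(stream, pending.subarray(TAG_LEN));
    });
    stream.write(nonce);
  });
}

// Client side: read the nonce, answer it, then hand the stream to ready().
function connectAuthenticated(pipePath, secret, ready) {
  const client = net.connect(pipePath);
  let pending = Buffer.alloc(0);
  client.on('data', function onNonce(chunk) {
    pending = Buffer.concat([pending, chunk]);
    if (pending.length < TAG_LEN) return; // nonce not complete yet
    client.removeListener('data', onNonce);
    client.write(answerChallenge(secret, pending.subarray(0, TAG_LEN)));
    ready(client);
  });
  return client;
}
```

The handshake authenticates the client to the server only; the client does not verify which process created the pipe.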

bnoordhuis (Member) commented

I assume the lack of reply means you're not intending to pursue this. I'll close out the issue.

@bnoordhuis bnoordhuis closed this as not planned Mar 21, 2023