Can we determine which program is at the other end of the named pipe?

M

Mercury132021-11-16 19:00:59

Windows

Mercury13, 2021-11-16 19:00:59

General task: there is a privileged 32-bit program that works as a proxy for one of the accounting systems. It is necessary to check who has access to "her body."
We sorted out the communication of two programs via the console more than a year ago, I checked who was calling the program.
They began to live on, expand the program - now it can be run in service mode, communicating with it through a named pipe!
But the issue of data security remains.
Actually, the question is: is it possible to determine which program is at the other end of the pipe, in order to later check its signature?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

rPman, 2021-11-16
@rPman

windows pipes can use windows authentication, i.e. Only authorized users have access to the pipe (by default, all authorized users, if I remember correctly).
Your proxy must be augmented to create a security descriptor for the pipes being created, everyone who tries to open this pipe, for example, must be users of the groups specified in the descriptor