mirror of
https://github.com/mpv-player/mpv
synced 2024-12-19 13:21:13 +00:00
ef625a78a4
The default security descriptor for named pipes in Windows allows the pipe to be opened for read access by the Everyone group and Anonymous account, as well as low-integrity processes (like web browser renderer processes.) This does not allow commands to be ran, but it does allow events to be received. I don't think any sensitive data is exposed by events, but that may not always be the case and Lua plugins might change this, since they can broadcast their own events with script-message. To be safe, this commit sets a custom security descriptor on the named pipe which only allows access from processes running under the same user account with an integrity level greater than or equal to the one used by mpv. |
||
---|---|---|
.. | ||
cmd_list.c | ||
cmd_list.h | ||
cmd_parse.c | ||
cmd_parse.h | ||
event.c | ||
event.h | ||
input.c | ||
input.h | ||
ipc-unix.c | ||
ipc-win.c | ||
ipc.c | ||
keycodes.c | ||
keycodes.h | ||
pipe-win32.c |