mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-08 17:17:42 +00:00
f844791e15
I manually tested that the code path that relaxes pipe permissions is not executed when run with elevated priviliges, and the test also passes in that case. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>
23 lines
674 B
Go
23 lines
674 B
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
package safesocket
|
|
|
|
import "tailscale.com/util/winutil"
|
|
|
|
func init() {
|
|
// downgradeSDDL is a test helper that downgrades the windowsSDDL variable if
|
|
// the currently running user does not have sufficient priviliges to set the
|
|
// SDDL.
|
|
downgradeSDDL = func() (cleanup func()) {
|
|
// The current default descriptor can not be set by mere mortal users,
|
|
// so we need to undo that for executing tests as a regular user.
|
|
if !winutil.IsCurrentProcessElevated() {
|
|
var orig string
|
|
orig, windowsSDDL = windowsSDDL, ""
|
|
return func() { windowsSDDL = orig }
|
|
}
|
|
return func() {}
|
|
}
|
|
}
|