Pipe server: X4 cannot open \\.\pipe\x4_python_host (Access Denied) unless explicit DACL is set #33
Description
Hi!
First, thank you very much for your great Mods!
But i ran into a persistent winpipe.open_pipe error reason: access denied by OS (inside Debug log) when X4 tries to connect to the pipe server (x4_python_host). This happened both with the standalone EXE server and with the Python server version.
Symptoms:
X4 debug log: x4_python_host; winpipe.open_pipe error reason: access denied by OS
A simple .NET NamedPipeClientStream test from the same Windows user also failed with UnauthorizedAccessException (0x80070005) when trying to connect to \.\pipe\x4_python_host.
Environment:
Windows 11 (64-bit), Steam install outside Program Files
X4 UI safe mode disabled
Tested with/without third-party AV (also reproduced after uninstalling Bitdefender)
Workaround / Fix (Python server);
The issue was resolved by explicitly setting a permissive security descriptor (DACL) when creating the named pipe. On my system, the default security created by the server ended up too restrictive, so X4 couldn’t open the pipe.
In the Python server code (where win32pipe.CreateNamedPipe is called), I set SECURITY_ATTRIBUTES using an SDDL like:
SYSTEM + Administrators + Everyone full access
After that, X4’s “Named Pipes API” menu showed both x4_python_host and x4_keys as connected, and the pipe server connected successfully.
Debug confirmation
I also printed the actual DACL from the created pipe; it showed something like:
D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;WD)
Question
Is the EXE server supposed to apply a similar DACL / security attributes on pipe creation? If not, would you consider adding an explicit security descriptor (or an option) so users don’t hit OS-level access denied on some systems?
P.s.
This might be a corner case on my system, but I’m posting it in case others run into the same OS-level “Access Denied” eror inside their Debug-log, when opening the pipe.