### Impact

When configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. This also applies if `reject_remote_clients` is not explicitly set as this is the default configuration and is cleared by calling `pipe_mode`.

Remote clients may only access the named pipe if the named pipe’s associated path is accessible via a publically shared folder (SMB).

### Patches

The following versions have been patched:
* 1.23.1
* 1.20.3
* 1.18.4

The fix will also be present in all releases starting from version 1.24.0.

Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected.

### Workarounds

Ensure that `pipe_mode` is set **first** after initializing a `ServerOptions`. For example:

“`rust
let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
“`

### References

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clientsRead More