permissions for auth socket in cygwin port of openssh
egor duda
deo@logos-m.ru
Sat Apr 28 10:05:00 GMT 2001
Hi!
ssh-agent creates temp directory under /tmp with '600' permissions,
and actual socket file is created under it using default umask. under
unix, it's not a problem since nobody can read socket file if he have
no scan rights to the directory. But under win32 there exists a
separate privilege named "Bypass traverse checking", granted to
everybody by default, which allow reading file even if user have no
rights on directory. with my changes to AF_UNIX socket code, socket
security is provided by inability of unauthorized parties to read
socket file contents, but with "Bypass traverse checking" privilege,
they _can_ read it. attached patch is supposed to fix this.
2001-04-28 Egor Duda <deo@logos-m.ru>
* ssh-agent.c (main): On cygwin create auth socket with mode 600
egor. mailto:deo@logos-m.ru icq 5165414 fidonet 2:5020/496.19
openssh-cygwin-socket-permissions.ChangeLog
openssh-cygwin-socket-permissions.diff
-------------- next part --------------
2001-04-28 Egor Duda <deo@logos-m.ru>
* ssh-agent.c (main): On cygwin create auth socket with mode 600
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-cygwin-socket-permissions.diff
Type: text/x-diff
Size: 769 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20010428/b00a44a0/attachment.bin>
More information about the Cygwin-apps
mailing list