This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.
Hi!

ssh-agent creates a temp directory under /tmp with '600' permissions, and the actual socket file is created under it using the default umask. Under unix, it's not a problem since nobody can read the socket file if he has no scan rights to the directory. But under win32 there exists a separate privilege named "Bypass traverse checking", granted to everybody by default, which allows reading a file even if the user has no rights on the directory.

With my changes to the AF_UNIX socket code, socket security is provided by the inability of unauthorized parties to read the socket file contents, but with the "Bypass traverse checking" privilege, they _can_ read it.

The attached patch is supposed to fix this.

2001-04-28  Egor Duda  <deo@logos-m.ru>

	* ssh-agent.c (main): On cygwin create auth socket with mode 600

egor.
mailto:deo@logos-m.ru icq 5165414 fidonet 2:5020/496.19
openssh-cygwin-socket-permissions.ChangeLog
openssh-cygwin-socket-permissions.diff