This is the mail archive of the
mailing list for the Cygwin project.
Re: permissions for auth socket in cygwin port of openssh
- To: cygwin-apps at cygwin dot com
- Subject: Re: permissions for auth socket in cygwin port of openssh
- From: Corinna Vinschen <cygwin-apps at cygwin dot com>
- Date: Sun, 29 Apr 2001 21:57:34 +0200
- References: <firstname.lastname@example.org>
On Sat, Apr 28, 2001 at 09:04:39PM +0400, egor duda wrote:
> ssh-agent creates a temp directory under /tmp with '600' permissions,
> and the actual socket file is created under it using the default umask.
> Under unix, it's not a problem since nobody can read the socket file if
> he has no scan rights to the directory. But under win32 there exists a
> separate privilege named "Bypass traverse checking", granted to
> everybody by default, which allows reading a file even if the user has
> no rights on the directory. With my changes to the AF_UNIX socket code,
> socket security is provided by the inability of unauthorized parties to
> read the socket file contents, but with the "Bypass traverse checking"
> privilege, they _can_ read it. The attached patch is supposed to fix this.
>
> 2001-04-28  Egor Duda  <email@example.com>
>
>     * ssh-agent.c (main): On cygwin create auth socket with mode 600
>
> egor. mailto:firstname.lastname@example.org icq 5165414 fidonet 2:5020/496.19

I will send the patch to the ssh mailing list, relative to the current
in the CVS repository.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.
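
The approach named in the ChangeLog entry above (give the socket file itself mode 600 rather than relying on the enclosing directory), shown as an added example that is not part of the original messages and is not the patch from this thread. It assumes a POSIX system where `bind()` applies the process umask to the new socket file (as Linux does); the function name, directory template and socket name are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* for mkdtemp() on glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: create a private directory (constructed name), bind an
 * AF_UNIX socket inside it with `mask` as the umask, and return the socket
 * file's permission bits (or -1 on error). Cleans up after itself. */
int socket_mode_with_umask(mode_t mask)
{
    char dir[] = "/tmp/ssh-example-XXXXXX";
    struct sockaddr_un sa;
    struct stat st;
    mode_t prev;
    int fd, rc, mode = -1;

    if (mkdtemp(dir) == NULL)      /* mkdtemp() creates the directory as 0700 */
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/agent.sock", dir);

    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) >= 0) {
        prev = umask(mask);        /* bind() creates the file as 0777 & ~umask */
        rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
        umask(prev);               /* restore the caller's umask right away */
        if (rc == 0 && stat(sa.sun_path, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        close(fd);
        unlink(sa.sun_path);       /* example cleanup; an agent keeps its socket */
    }
    rmdir(dir);
    return mode;
}

int main(void)
{
    /* A common default umask leaves the socket file group/world accessible. */
    printf("umask 022: %03o\n", socket_mode_with_umask(0022));
    /* A restrictive umask around bind() yields an owner-only socket file. */
    printf("umask 177: %03o\n", socket_mode_with_umask(0177));
    return 0;
}
```

The umask is changed only around `bind()` and restored immediately, so other files the process creates later are unaffected.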