This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Re: improving security of AF_UNIX sockets
- To: cygwin-patches at cygwin dot com
- Subject: Re: improving security of AF_UNIX sockets
- From: Christopher Faylor <cgf at redhat dot com>
- Date: Fri, 6 Apr 2001 14:17:43 -0400
- References: <198204047314.20010404220250@logos-m.ru>
- Reply-To: cygwin-patches at cygwin dot com
On Wed, Apr 04, 2001 at 10:02:50PM +0400, egor duda wrote:
>This patch prevents local users from connecting to a cygwin-emulated
>AF_UNIX socket if the user has no read rights on the socket's file. It's
>done by adding a 128-bit random secret cookie to the !<socket>port string in
>the file. Later, each process which is negotiating a connection via
>connect() or accept() must signal its peer that it knows this secret
>cookie.
This looks good. It seems like this would not be backwards compatible
though, right?
I don't know if this is an issue or not.
cgf
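
The cookie check described in the quoted patch summary, together with the compatibility question raised in the reply, as an added example that is not part of the original mail or of Cygwin's code. The file layout (`!<socket>`, port, a space, 32 hex digits), the function names and the `allow_legacy` switch are assumptions made for illustration; the sample file contents used with it are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define SOCK_MAGIC "!<socket>" /* prefix named in the quoted mail */
#define COOKIE_LEN 16          /* 128-bit secret */

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Assumed layout (illustrative): "!<socket>" PORT [" " 32 hex digits].
   Returns 1 with a cookie, 0 for a port-only file, -1 if malformed. */
int parse_sockfile(const char *s, unsigned *port, uint8_t cookie[COOKIE_LEN])
{
    if (strncmp(s, SOCK_MAGIC, strlen(SOCK_MAGIC)) != 0) return -1;
    s += strlen(SOCK_MAGIC);
    size_t nd = strspn(s, "0123456789");
    if (nd == 0 || nd > 5) return -1;
    unsigned long p = strtoul(s, NULL, 10);
    if (p == 0 || p > 65535) return -1;
    *port = (unsigned)p; s += nd;
    if (*s == '\0') return 0; /* file written without a cookie */
    if (*s++ != ' ' || strlen(s) != 2 * COOKIE_LEN) return -1;
    for (int i = 0; i < COOKIE_LEN; i++) {
        int hi = hexval(s[2 * i]), lo = hexval(s[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        cookie[i] = (uint8_t)(hi << 4 | lo);
    }
    return 1;
}

/* Compare without an early exit so timing does not reveal matching bytes. */
int cookie_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (int i = 0; i < COOKIE_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Accept a peer only if it presents the cookie stored in the socket file.
   allow_legacy (hypothetical knob) decides the fate of port-only files. */
int peer_allowed(const char *filebuf, const uint8_t *presented, int allow_legacy)
{
    unsigned port; uint8_t stored[COOKIE_LEN];
    int rc = parse_sockfile(filebuf, &port, stored);
    return rc == 0 ? (allow_legacy != 0) : (rc == 1 && cookie_equal(stored, presented));
}
```

With `allow_legacy` set, a port-only file is accepted without any proof of read access, so compatibility with files written before the change costs exactly the protection the cookie adds.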