permissions for auth socket in cygwin port of openssh

Corinna Vinschen
Sun Apr 29 12:57:00 GMT 2001

On Sat, Apr 28, 2001 at 09:04:39PM +0400, egor duda wrote:
> Hi!
>   ssh-agent creates temp directory under /tmp with '600' permissions,
> and actual socket file is created under it using default umask. Under
> unix, it's not a problem since nobody can read socket file if he has
> no scan rights to the directory. But under win32 there exists a
> separate privilege named "Bypass traverse checking", granted to
> everybody by default, which allows reading file even if user has no
> rights on directory. With my changes to AF_UNIX socket code, socket
> security is provided by inability of unauthorized parties to read
> socket file contents, but with "Bypass traverse checking" privilege,
> they _can_ read it. Attached patch is supposed to fix this.
> 2001-04-28  Egor Duda  <>
>         * ssh-agent.c (main): On cygwin create auth socket with mode 600
> egor.   icq 5165414 fidonet 2:5020/496.19

Thanks Egor,

I will send the patch to the ssh mailing list, relative to the current
in the CVS repository.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

More information about the Cygwin-apps mailing list