permissions for auth socket in cygwin port of openssh

Corinna Vinschen cygwin-apps@cygwin.com
Sun Apr 29 13:05:00 GMT 2001


On Sun, Apr 29, 2001 at 09:57:34PM +0200, Corinna Vinschen wrote:
> On Sat, Apr 28, 2001 at 09:04:39PM +0400, egor duda wrote:
> > Hi!
> > 
> >   ssh-agent creates temp directory under /tmp with '600' permissions,
> > and actual socket file is created under it using default umask. Under
> > unix, it's not a problem since nobody can read socket file if he has
> > no scan rights to the directory. But under win32 there exists a
> > separate privilege named "Bypass traverse checking", granted to
> > everybody by default, which allows reading file even if user has no
> > rights on directory. With my changes to AF_UNIX socket code, socket
> > security is provided by inability of unauthorized parties to read
> > socket file contents, but with "Bypass traverse checking" privilege,
> > they _can_ read it. Attached patch is supposed to fix this.
> > 
> > 2001-04-28  Egor Duda  <deo@logos-m.ru>
> > 
> >         * ssh-agent.c (main): On cygwin create auth socket with mode 600
> > 
> > egor.            mailto:deo@logos-m.ru icq 5165414 fidonet 2:5020/496.19
> 
> Thanks Egor,
> 
> I will send the patch to the ssh mailing list, relative to the current
> in the CVS repository.

Oh, wait, is there a reason to not implement that by simply calling
chmod?

Index: ssh-agent.c
===================================================================
RCS file: /cvs/openssh_cvs/ssh-agent.c,v
retrieving revision 1.54
diff -u -p -r1.54 ssh-agent.c
--- ssh-agent.c	2001/04/04 01:53:21	1.54
+++ ssh-agent.c	2001/04/29 20:05:19
@@ -809,6 +809,9 @@ main(int ac, char **av)
 		perror("bind");
 		cleanup_exit(1);
 	}
+#ifdef HAVE_CYGWIN
+	chmod(socket_name, S_IRUSR | S_IWUSR);
+#endif
 	if (listen(sock, 5) < 0) {
 		perror("listen");
 		cleanup_exit(1);
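
Review bot: the return value of chmod() in the added HAVE_CYGWIN block is ignored, so a failed chmod leaves the agent listening on a socket that still has whatever mode bind() gave it. Check the result and fail the same way the neighbouring bind and listen calls do, e.g. `perror("chmod");` followed by `cleanup_exit(1);`. The socket file also exists with its default-umask mode between bind() and this chmod(); setting a restrictive umask around bind() would close that interval.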

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
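
Added example, not part of the original thread and not OpenSSH code: a sketch of protecting the socket file itself rather than relying on the parent directory, by setting the umask around bind() so the file is created 0600 and then applying a checked chmod(). It assumes a POSIX system where bind() honours the umask; `bind_private_socket` and `agent.sock` are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1	/* for mkdtemp() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper. Creates a private directory from the mkdtemp()
 * template `dir`, binds a listening AF_UNIX socket "agent.sock" inside it,
 * and stores in *born the permission bits the socket file had immediately
 * after bind(). Returns the socket fd, or -1 on error. */
int
bind_private_socket(char *dir, char *path, size_t pathlen, mode_t *born)
{
	struct sockaddr_un sa;
	struct stat st;
	mode_t old;
	int sock, rc;
	if (mkdtemp(dir) == NULL)		/* directory is created 0700 */
		return -1;
	if ((size_t)snprintf(path, pathlen, "%s/agent.sock", dir) >= pathlen ||
	    strlen(path) >= sizeof(sa.sun_path))
		return -1;
	memset(&sa, 0, sizeof(sa));
	sa.sun_family = AF_UNIX;
	strcpy(sa.sun_path, path);
	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
		return -1;
	old = umask(0177);			/* file is created 0600 by bind() */
	rc = bind(sock, (struct sockaddr *)&sa, sizeof(sa));
	umask(old);
	if (rc < 0 || stat(path, &st) < 0)
		goto fail;
	*born = st.st_mode & 0777;
	/* Explicit chmod as in the patch, but with the result checked. */
	if (chmod(path, S_IRUSR | S_IWUSR) < 0 || listen(sock, 5) < 0)
		goto fail;
	return sock;
fail:
	unlink(path);
	close(sock);
	return -1;
}
```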


