improving security of AF_UNIX sockets

egor duda
Wed Apr 4 11:04:00 GMT 2001


  this patch prevents local users from connecting to cygwin-emulated
AF_UNIX socket if this user have no read rights on socket's file.
it's done by adding 128-bit random secret cookie to !<socket>port
string in file. later, each processes which is negotiating connection
via connect() or accept() must signal its peer that it knows this
secret cookie.

sendto() and recvfrom() are still insecure, unfortunately.


egor.   icq 5165414 fidonet 2:5020/496.19

-------------- next part --------------
2001-04-04  Egor Duda  <>

	* fhandler.h (class fhandler_socket): Add members and methods to
	support secure connections on AF_UNIX sockets.
	* (fhandler_socket::set_connect_secret): New method.
	(fhandler_socket::get_connect_secret): Ditto.
	(fhandler_socket::create_secret_event): Ditto.
	(fhandler_socket::close_secret_event): Ditto.
	(fhandler_socket::check_peer_secret_event): Ditto.
	(fhandler_socket::fixup_after_fork): Duplicate secret event to child.
	(fhandler_socket::dup): Copy address family.
	(fhandler_socket::close): Close secret event.
	* (get_inet_addr): Read secret cookie.
	(cygwin_connect): Check if peer knows secret cookie value.
	(cygwin_accept): Ditto. Copy address family to newly created socket.
	(cygwin_bind): Generate and write secret cookie.
	(wsock_init): Initialize random number generator.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: af_unix-security.diff
Type: text/x-diff
Size: 9439 bytes
Desc: not available
URL: <>

More information about the Cygwin-patches mailing list