improving security of AF_UNIX sockets
Christopher Faylor
cgf@redhat.com
Fri Apr 6 12:19:00 GMT 2001
On Wed, Apr 04, 2001 at 10:02:50PM +0400, egor duda wrote:
>This patch prevents local users from connecting to cygwin-emulated
>AF_UNIX socket if this user have no read rights on socket's file. it's
>done by adding 128-bit random secret cookie to !<socket>port string in
>file. later, each processes which is negotiating connection via
>connect() or accept() must signal its peer that it knows this secret
>cookie.
This looks good. It seems like this would not be backwards compatible
though, right?
I don't know if this is an issue or not.
cgf
More information about the Cygwin-patches
mailing list