Mail Archives: cygwin-apps/2001/04/28/13:05:17
Hi!

ssh-agent creates a temp directory under /tmp with '600' permissions,
and the actual socket file is created under it using the default umask.
Under Unix, it's not a problem since nobody can read the socket file if
he has no scan rights to the directory. But under win32 there exists a
separate privilege named "Bypass traverse checking", granted to
everybody by default, which allows reading a file even if the user has
no rights on the directory. With my changes to the AF_UNIX socket code,
socket security is provided by the inability of unauthorized parties to
read the socket file contents, but with the "Bypass traverse checking"
privilege, they _can_ read it. The attached patch is supposed to fix this.

2001-04-28  Egor Duda  <deo AT logos-m DOT ru>

	* ssh-agent.c (main): On cygwin create auth socket with mode 600

egor. mailto:deo AT logos-m DOT ru icq 5165414 fidonet 2:5020/496.19
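
The attached patch is not reproduced on this page. As an added example (not the patch from this mail and not OpenSSH's own code), the following C function shows one way to get a mode-600 socket file: tighten the umask only around bind(), so the file's own permissions protect it even where directory traversal checks are bypassed. The directory and socket names are constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* for mkdtemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind an AF_UNIX socket in a fresh private directory and return the
 * permission bits of the socket file, or -1 on error. With restrict_mode
 * set, the umask is tightened to 0177 only around bind(), so the socket
 * file is created 0600 and does not depend on the directory for secrecy. */
int bound_socket_mode(int restrict_mode)
{
    char dir[] = "/tmp/agent-demo-XXXXXX";  /* constructed name */
    struct sockaddr_un sa;
    struct stat st;
    mode_t prev = 0;
    int fd, rc, result = -1;

    if (mkdtemp(dir) == NULL)               /* directory is created 0700 */
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/agent.sock", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0) {
        if (restrict_mode)
            prev = umask(0177);             /* leave only owner read/write */
        rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
        if (restrict_mode)
            umask(prev);                    /* restore the caller's umask */
        if (rc == 0 && stat(sa.sun_path, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(sa.sun_path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("default: %04o\n", (unsigned)bound_socket_mode(0));
    printf("restricted: %04o\n", (unsigned)bound_socket_mode(1));
    return 0;
}
```
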