This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: improving security of AF_UNIX sockets

To: cygwin-patches at cygwin dot com
Subject: Re: improving security of AF_UNIX sockets
From: Christopher Faylor <cgf at redhat dot com>
Date: Fri, 6 Apr 2001 14:17:43 -0400
References: <198204047314.20010404220250@logos-m.ru>
Reply-To: cygwin-patches at cygwin dot com

On Wed, Apr 04, 2001 at 10:02:50PM +0400, egor duda wrote:
>This patch prevents local users from connecting to cygwin-emulated
>AF_UNIX socket if this user have no read rights on socket's file.  it's
>done by adding 128-bit random secret cookie to !<socket>port string in
>file.  later, each processes which is negotiating connection via
>connect() or accept() must signal its peer that it knows this secret
>cookie.

This looks good.  It seems like this would not be backwards compatible
though, right?

I don't know if this is an issue or not.

cgf

Follow-Ups:
- Re: improving security of AF_UNIX sockets
  - From: egor duda

References:
- improving security of AF_UNIX sockets
  - From: egor duda

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]