This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: improving security of AF_UNIX sockets


On Fri, Apr 06, 2001 at 11:40:47PM +0400, egor duda wrote:
>Hi!
>
>Friday, 06 April, 2001 Christopher Faylor cgf@redhat.com wrote:
>
>CF> On Wed, Apr 04, 2001 at 10:02:50PM +0400, egor duda wrote:
>>>This patch prevents local users from connecting to cygwin-emulated
>>>AF_UNIX socket if this user has no read rights on socket's file.  it's
>>>done by adding 128-bit random secret cookie to !<socket>port string in
>>>file.  later, each process which is negotiating connection via
>>>connect() or accept() must signal its peer that it knows this secret
>>>cookie.
>
>CF> This looks good.  It seems like this would not be backwards compatible
>CF> though, right?
>
>CF> I don't know if this is an issue or not.
>
>it won't be an issue because contents of AF_UNIX sockets are not
>"persistent", they are being created anew on every bind(). in
>this sense they're unlike symlinks -- we don't care about what was
>written to the socket file before.
>
>the only possible incompatibility can appear if some application is
>reading and interpreting socket file contents directly, bypassing
>normal cygwin mechanism. i've never heard of such applications, and
>even if they exist, they're certainly fundamentally wrong.

That's what I thought.  Go ahead and check this in.  I appreciate your
thinking about this.

cgf
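
The cookie scheme summarized in the quoted patch description, as an added example that is not code from the patch or from Cygwin: a socket file carrying a port plus a 128-bit cookie, and an accept-side check that admits only a peer presenting the same cookie. Assumptions: the layout after the `!<socket>` prefix, every function name, and that the peer presents the cookie itself for comparison (the message does not say how peers signal knowledge of it).

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#define COOKIE_WORDS 4          /* 4 x 32 bits = 128-bit secret */
#define SOCK_MAGIC "!<socket>"  /* prefix from the message; rest of layout is assumed */
#define HEX4(p) "%" p "-%" p "-%" p "-%" p

/* Fill the cookie from the OS random source; returns 0 on success. */
int cookie_generate(uint32_t c[COOKIE_WORDS]) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n = f ? fread(c, sizeof c[0], COOKIE_WORDS, f) : 0;
    if (f) fclose(f);
    return n == COOKIE_WORDS ? 0 : -1;
}

/* What bind() would write to the file: magic, port, then the cookie in hex. */
int sockfile_format(char *out, size_t len, unsigned port, const uint32_t c[COOKIE_WORDS]) {
    int n = snprintf(out, len, SOCK_MAGIC "%u " HEX4("08" PRIx32), port, c[0], c[1], c[2], c[3]);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Parse the file; rejects a wrong prefix, a missing cookie or trailing data. */
int sockfile_parse(const char *in, unsigned *port, uint32_t c[COOKIE_WORDS]) {
    size_t m = strlen(SOCK_MAGIC);
    int end = 0;
    if (strncmp(in, SOCK_MAGIC, m) != 0) return -1;
    if (sscanf(in + m, "%u " HEX4("8" SCNx32) "%n", port, &c[0], &c[1], &c[2], &c[3], &end) != 5) return -1;
    return (in[m + end] == '\0' && *port <= 65535) ? 0 : -1;
}

/* Compare all words with no early exit, so timing does not leak a partial match. */
int cookie_equal(const uint32_t a[COOKIE_WORDS], const uint32_t b[COOKIE_WORDS]) {
    uint32_t diff = 0;
    for (int i = 0; i < COOKIE_WORDS; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Accepting side: admit the peer only if its cookie matches the one in the file. */
int peer_admitted(const char *file, const uint32_t presented[COOKIE_WORDS]) {
    unsigned port; uint32_t stored[COOKIE_WORDS];
    return sockfile_parse(file, &port, stored) == 0 && cookie_equal(stored, presented);
}

int main(void) {
    uint32_t secret[COOKIE_WORDS], guess[COOKIE_WORDS] = {0};
    char file[64];
    if (cookie_generate(secret) || sockfile_format(file, sizeof file, 1234, secret)) return 1;
    printf("%s\nreader admitted: %d, guesser admitted: %d\n", file, peer_admitted(file, secret), peer_admitted(file, guess));
    return 0;
}
```

A file holding only the magic and port fails to parse here, which matches the point in the thread that socket files are rewritten on every bind() rather than read back from an older format.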

