This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



improving security of AF_UNIX sockets


Hi!

  This patch prevents local users from connecting to a cygwin-emulated
AF_UNIX socket if the user has no read rights on the socket's file.
It's done by adding a 128-bit random secret cookie to the !<socket>port
string in the file. Later, each process which is negotiating a connection
via connect() or accept() must signal its peer that it knows this
secret cookie.

sendto() and recvfrom() are still insecure, unfortunately.

Comments?


egor.            mailto:deo@logos-m.ru icq 5165414 fidonet 2:5020/496.19

af_unix-security.diff

af_unix-security.ChangeLog
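
The cookie scheme described in the message above, sketched as an added C example; it is not code from the attached patch or from Cygwin. The text layout after `!<socket>`, the function names and the sample cookie are assumptions made for illustration: a process that can read the socket file recovers both port and cookie, while one that only discovers the port has nothing to present.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SOCKET_TAG "!<socket>"  /* prefix named in the post */
#define COOKIE_WORDS 4          /* 4 x 32 bits = 128-bit cookie */

/* Assumed file layout: "!<socket>PORT XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX". */
int format_socket_file(char *buf, size_t len, unsigned port,
                       const uint32_t cookie[COOKIE_WORDS])
{
    int n = snprintf(buf, len, SOCKET_TAG "%u %08x-%08x-%08x-%08x", port,
                     (unsigned)cookie[0], (unsigned)cookie[1],
                     (unsigned)cookie[2], (unsigned)cookie[3]);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Parse the file contents; an entry without a full cookie is rejected. */
int parse_socket_file(const char *buf, unsigned *port,
                      uint32_t cookie[COOKIE_WORDS])
{
    unsigned c[COOKIE_WORDS]; int end = 0;
    size_t tag = strlen(SOCKET_TAG);
    if (strncmp(buf, SOCKET_TAG, tag) != 0) return -1;
    if (sscanf(buf + tag, "%u %8x-%8x-%8x-%8x%n", port,
               &c[0], &c[1], &c[2], &c[3], &end) != 5) return -1;
    if (*port == 0 || *port > 65535 || buf[tag + end] != '\0') return -1;
    for (int i = 0; i < COOKIE_WORDS; i++) cookie[i] = c[i];
    return 0;
}

/* Compare without an early exit so timing does not reveal matching words. */
int cookie_matches(const uint32_t a[COOKIE_WORDS], const uint32_t b[COOKIE_WORDS])
{
    uint32_t diff = 0;
    for (int i = 0; i < COOKIE_WORDS; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

int main(void)
{
    /* Constructed cookie; a real one must come from a CSPRNG. */
    const uint32_t secret[COOKIE_WORDS] = {0xdeadbeefu, 0x01234567u, 0x89abcdefu, 0x0badf00du};
    uint32_t seen[COOKIE_WORDS];
    char file[64]; unsigned port;
    if (format_socket_file(file, sizeof file, 1234, secret)) return 1;
    if (parse_socket_file(file, &port, seen)) return 1;
    printf("%s -> match=%d\n", file, cookie_matches(secret, seen));
    return 0;
}
```

The secrecy of the cookie rests entirely on the read permissions of the socket file, which is why a peer without read rights cannot complete the check.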

