This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
improving security of AF_UNIX sockets
- To: cygwin-patches at cygwin dot com
- Subject: improving security of AF_UNIX sockets
- From: egor duda <deo at logos-m dot ru>
- Date: Wed, 4 Apr 2001 22:02:50 +0400
- Organization: deo
- Reply-To: egor duda <cygwin-patches at cygwin dot com>
Hi!
this patch prevents local users from connecting to cygwin-emulated
AF_UNIX socket if this user have no read rights on socket's file.
it's done by adding 128-bit random secret cookie to !<socket>port
string in file. later, each processes which is negotiating connection
via connect() or accept() must signal its peer that it knows this
secret cookie.
sendto() and recvfrom() are still insecure, unfortunately.
Comments?
egor. mailto:deo@logos-m.ru icq 5165414 fidonet 2:5020/496.19
af_unix-security.diff
af_unix-security.ChangeLog