This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.
Safety of ssh-agent re: fake unix sockets?
- From: Seth Delackner <seth at jtan dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 4 Dec 2001 22:37:57 -0800
- Subject: Safety of ssh-agent re: fake unix sockets?
Way back in January, in message
http://www.cygwin.com/ml/cygwin/2001-01/msg00063.html
I think Egor Duda, but perhaps David Peterson, wrote
that the socket implementation in Cygwin allowed an
attacker to simply send an RSA auth request to a
specific port on your machine and presto, he would
receive your private key.
Since there were no replies to this message (that I
can find), I'm really interested to hear if anyone
has solved this or if he is incorrect?
I really don't want to have to set up a port-blocking
firewall just to prevent this, especially considering
that ZoneAlarm is doing a fine job with application-
specific blocking (and I have no other services running
that outsiders could abuse).