Mail Archives: cygwin-apps/2001/05/03/08:38:30

Mailing-List: contact cygwin-apps-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-apps-owner AT sourceware DOT cygnus DOT com
List-Subscribe: <mailto:cygwin-apps-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-apps/>
List-Post: <mailto:cygwin-apps AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-apps-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/lists.html#faqs>
Delivered-To: mailing list cygwin-apps AT sources DOT redhat DOT com
Date: Thu, 3 May 2001 14:34:53 +0200
From: Corinna Vinschen <cygwin-apps AT cygwin DOT com>
To: cygwin-apps AT cygwin DOT com
Subject: Re: permissions for auth socket in cygwin port of openssh
Message-ID: <20010503143453.A3296@cygbert.vinschen.de>
Mail-Followup-To: cygwin-apps AT cygwin DOT com
References: <7734862689 DOT 20010428210439 AT logos-m DOT ru>
Mime-Version: 1.0
User-Agent: Mutt/1.2.5i
In-Reply-To: <7734862689.20010428210439@logos-m.ru>; from deo@logos-m.ru on Sat, Apr 28, 2001 at 09:04:39PM +0400

On Sat, Apr 28, 2001 at 09:04:39PM +0400, egor duda wrote:
> Hi!
> 
>   ssh-agent creates a temp directory under /tmp with '600' permissions,
> and the actual socket file is created under it using the default umask. Under
> Unix, it's not a problem since nobody can read the socket file if he has
> no scan rights to the directory. But under win32 there exists a
> separate privilege named "Bypass traverse checking", granted to
> everybody by default, which allows reading a file even if the user has no
> rights on the directory. With my changes to the AF_UNIX socket code, socket
> security is provided by the inability of unauthorized parties to read the
> socket file contents, but with the "Bypass traverse checking" privilege,
> they _can_ read it. The attached patch is supposed to fix this.
> 
> 2001-04-28  Egor Duda  <deo AT logos-m DOT ru>
> 
>         * ssh-agent.c (main): On cygwin create auth socket with mode 600
> 
> egor.            mailto:deo AT logos-m DOT ru icq 5165414 fidonet 2:5020/496.19

I have sent your patch to the openssh-unix-dev mailing list.
I had to change it slightly since the umask wasn't reverted
if bind fails in your patch.

Unfortunately I was some hours too late to get it into 2.9p1.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
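The point of Corinna's correction is that the tightened umask must be undone on every exit path, not only after a successful bind(). As an added example (not Egor's patch and not OpenSSH's own code), the C routine below creates an AF_UNIX socket whose filesystem entry is mode 0600 and restores the caller's umask whether bind() succeeds or fails; the function names and the /tmp path are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Create a listening AF_UNIX socket at `path` with permission bits 0600.
 * Returns the descriptor, or -1 with errno set. The umask is restored on
 * every path, so a failed bind() cannot leave the process with umask 0177. */
int create_private_agent_socket(const char *path)
{
    struct sockaddr_un addr;
    mode_t saved;
    int fd, rc, saved_errno;

    if (strlen(path) >= sizeof(addr.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);

    saved = umask(0177);               /* socket entry becomes 0600 (rw-------) */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    saved_errno = errno;
    umask(saved);                      /* restore unconditionally, before any return */
    if (rc < 0) {
        close(fd);
        errno = saved_errno;
        return -1;
    }
    if (listen(fd, 128) < 0) {
        saved_errno = errno;
        close(fd);
        unlink(path);
        errno = saved_errno;
        return -1;
    }
    return fd;
}

/* Permission bits (0777 mask) of the socket entry, or -1 if it does not exist. */
int socket_file_mode(const char *path)
{
    struct stat st;
    if (lstat(path, &st) < 0)
        return -1;
    return (int)(st.st_mode & 0777);
}
```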
