Mail Archives: cygwin-apps/2001/04/28/13:05:17

Mailing-List: contact cygwin-apps-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-apps-owner AT sourceware DOT cygnus DOT com
List-Subscribe: <mailto:cygwin-apps-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-apps/>
List-Post: <mailto:cygwin-apps AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-apps-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/lists.html#faqs>
Delivered-To: mailing list cygwin-apps AT sources DOT redhat DOT com
Date: Sat, 28 Apr 2001 21:04:39 +0400
From: egor duda <deo AT logos-m DOT ru>
X-Mailer: The Bat! (v1.45) Personal
Reply-To: egor duda <cygwin-apps AT cygwin DOT com>
Organization: deo
X-Priority: 3 (Normal)
Message-ID: <7734862689.20010428210439@logos-m.ru>
To: cygwin-apps AT cygwin DOT com
Subject: permissions for auth socket in cygwin port of openssh
Mime-Version: 1.0

------------F51E01B93D228E38
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

  ssh-agent creates a temp directory under /tmp with '600' permissions,
and the actual socket file is created under it using the default umask. Under
unix, it's not a problem since nobody can read the socket file if he has
no scan rights to the directory. But under win32 there exists a
separate privilege named "Bypass traverse checking", granted to
everybody by default, which allows reading a file even if the user has no
rights on the directory. With my changes to the AF_UNIX socket code, socket
security is provided by the inability of unauthorized parties to read
the socket file contents, but with the "Bypass traverse checking" privilege,
they _can_ read it. The attached patch is supposed to fix this.

2001-04-28  Egor Duda  <deo AT logos-m DOT ru>

        * ssh-agent.c (main): On cygwin create auth socket with mode 600

egor.            mailto:deo AT logos-m DOT ru icq 5165414 fidonet 2:5020/496.19
------------F51E01B93D228E38
Content-Type: application/octet-stream; name="openssh-cygwin-socket-permissions.ChangeLog"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="openssh-cygwin-socket-permissions.ChangeLog"

MjAwMS0wNC0yOCAgRWdvciBEdWRhICA8ZGVvQGxvZ29zLW0ucnU+CgoJKiBzc2gtYWdlbnQuYyAo
bWFpbik6IE9uIGN5Z3dpbiBjcmVhdGUgYXV0aCBzb2NrZXQgd2l0aCBtb2RlIDYwMAo=

------------F51E01B93D228E38
Content-Type: application/octet-stream; name="openssh-cygwin-socket-permissions.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="openssh-cygwin-socket-permissions.diff"
------------F51E01B93D228E38--
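
As an added illustration (not the patch attached to this message and not OpenSSH code), one common way to make the socket file itself mode 0600, instead of relying on the permissions of its parent directory, is to tighten the umask around bind(). The function names `bind_auth_socket` and `socket_file_mode` and the `/tmp/authsock-demo-*` path are assumptions made for this example.

```c
#define _GNU_SOURCE             /* mkdtemp() under strict -std= modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a listening AF_UNIX socket at path; returns the fd or -1. With
 * restrict_mode set, umask is 0177 only around bind(), so the socket file
 * itself is created 0600; the caller's umask is restored afterwards. */
int bind_auth_socket(const char *path, int restrict_mode) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    mode_t old = 0;
    int fd, rc;
    if (strlen(path) >= sizeof sa.sun_path) return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    strcpy(sa.sun_path, path);
    if (restrict_mode) old = umask(0177);
    rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    if (restrict_mode) umask(old);
    if (rc < 0 || listen(fd, 5) < 0) { close(fd); return -1; }
    return fd;
}

/* Constructed harness: under process umask proc_umask, make a 0700 temp
 * dir, bind a socket in it, return the socket file's permission bits. */
int socket_file_mode(mode_t proc_umask, int restrict_mode) {
    char dir[] = "/tmp/authsock-demo-XXXXXX", path[64];
    struct stat st;
    mode_t saved = umask(proc_umask);
    int fd, mode = -1;
    if (mkdtemp(dir) != NULL) {
        snprintf(path, sizeof path, "%s/agent.sock", dir);
        if ((fd = bind_auth_socket(path, restrict_mode)) >= 0) {
            if (stat(path, &st) == 0) mode = (int)(st.st_mode & 0777);
            close(fd); unlink(path);
        }
        rmdir(dir);
    }
    umask(saved);
    return mode;
}

int main(void) {
    printf("plain bind, umask 022: %o\n", (unsigned)socket_file_mode(022, 0));
    printf("umask 0177 at bind:    %o\n", (unsigned)socket_file_mode(022, 1));
    return 0;
}
```

umask is process-wide, so this pattern suits a single-threaded daemon; the file mode only protects the socket on platforms whose AF_UNIX implementation enforces it.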

