This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: improving security of AF_UNIX sockets


Egor,

On Wed, Apr 04, 2001 at 10:02:50PM +0400, egor duda wrote:
>   this patch prevents local users from connecting to cygwin-emulated
> AF_UNIX socket if this user has no read rights on socket's file.
> it's done by adding 128-bit random secret cookie to !<socket>port
> string in file. later, each process which is negotiating connection
> via connect() or accept() must signal its peer that it knows this
> secret cookie.
> 
> sendto() and recvfrom() are still insecure, unfortunately.
> 
> Comments?

I have tried the above with PostgreSQL and it works as documented.
However, see the attached for a comment from one of the PostgreSQL
core developers.

Is it possible and/or does it make sense to do as suggested?

Thanks,
Jason

-- 
Jason Tishler
Director, Software Engineering       Phone: +1 (732) 264-8770 x235
Dot Hill Systems Corp.               Fax:   +1 (732) 264-8798
82 Bethany Road, Suite 7             Email: Jason.Tishler@dothill.com
Hazlet, NJ 07730 USA                 WWW:   http://www.dothill.com


Jason Tishler writes:

> I used 7.1rc4 from Cygwin's contrib and everything seems to work as
> expected.  The regression tests all passed.  Even the enhanced AF_UNIX
> security worked as advertised.  If the client (i.e., psql) has read
> access to the socket file (i.e., /tmp/.s.PGSQL.5432), then it can connect
> to postmaster.  Otherwise, the client gets a "Permission denied" failure.

Actually, connections to Unix domain sockets are controlled by *write*
access to the socket file.  Maybe Cygwin should change this.

-- 
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/
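As an added illustration, not part of this thread, the following Python script shows the native Unix rule Peter refers to: connect() on an AF_UNIX socket is governed by write permission on the socket file, and read permission plays no role. The temporary directory and socket name are constructed for the demonstration; when run as root the DAC check is bypassed and both probes succeed.

```python
# Added example (not from the thread): on a native Unix system, connect() to
# an AF_UNIX socket succeeds or fails based on *write* permission on the
# socket file, as Peter Eisentraut notes.  Tested on Linux.
import errno
import os
import socket
import tempfile


def connect_errno(path):
    """Connect to the AF_UNIX socket at `path`.
    Returns None on success or the errno of the failure (e.g. EACCES)."""
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client.connect(path)
        return None
    except OSError as exc:
        return exc.errno
    finally:
        client.close()


def probe_connect_with_mode(mode):
    """Bind a listening socket, chmod its file to `mode`, and report what a
    client sees on connect(): None (connected) or an errno value."""
    tmpdir = tempfile.mkdtemp()                # constructed, private 0700 dir
    path = os.path.join(tmpdir, "s.sock")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        server.bind(path)
        server.listen(1)                       # no accept() needed for connect()
        os.chmod(path, mode)
        return connect_errno(path)
    finally:
        server.close()
        os.unlink(path)
        os.rmdir(tmpdir)


def permission_governing_connect():
    """Return "write" if a write-only socket file accepts connections while a
    read-only one is refused, "read" for the opposite, "none" if both connect
    (running as root bypasses the check), else "unknown"."""
    read_only = probe_connect_with_mode(0o444)    # r--r--r--
    write_only = probe_connect_with_mode(0o222)   # -w--w--w-
    if read_only is None and write_only is None:
        return "none"
    if read_only == errno.EACCES and write_only is None:
        return "write"
    if write_only == errno.EACCES and read_only is None:
        return "read"
    return "unknown"


if __name__ == "__main__":
    print("connect() is controlled by", permission_governing_connect(), "permission")
```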



