This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Re: improving security of AF_UNIX sockets
- To: egor duda <cygwin-patches at cygwin dot com>
- Subject: Re: improving security of AF_UNIX sockets
- From: Jason Tishler <Jason dot Tishler at dothill dot com>
- Date: Fri, 13 Apr 2001 11:23:38 -0400
- Organization: Dot Hill Systems Corp.
- References: <198204047314.20010404220250@logos-m.ru>
Egor,
On Wed, Apr 04, 2001 at 10:02:50PM +0400, egor duda wrote:
> this patch prevents local users from connecting to cygwin-emulated
> AF_UNIX socket if this user has no read rights on socket's file.
> it's done by adding 128-bit random secret cookie to !<socket>port
> string in file. later, each process which is negotiating connection
> via connect() or accept() must signal its peer that it knows this
> secret cookie.
>
> sendto() and recvfrom() are still insecure, unfortunately.
>
> Comments?
I have tried the above with PostgreSQL and it works as documented.
However, see the attached for a comment from one of the PostgreSQL
core developers.
Is it possible and/or does it make sense to do as suggested?
Thanks,
Jason
--
Jason Tishler
Director, Software Engineering Phone: +1 (732) 264-8770 x235
Dot Hill Systems Corp. Fax: +1 (732) 264-8798
82 Bethany Road, Suite 7 Email: Jason.Tishler@dothill.com
Hazlet, NJ 07730 USA WWW: http://www.dothill.com
- To: Jason Tishler <Jason dot Tishler at dothill dot com>
- Subject: Re: [PORTS] Re: best Cygwin release/snapshot for Postgresql
- From: Peter Eisentraut <peter_e at gmx dot net>
- Date: Fri, 13 Apr 2001 16:36:07 +0200 (CEST)
- cc: Fred Yankowski <fcy at ontosys dot com>, Pgsql-Ports <pgsql-ports at postgresql dot org>
Jason Tishler writes:
> I used 7.1rc4 from Cygwin's contrib and everything seems to work as
> expected. The regression tests all passed. Even the enhanced AF_UNIX
> security worked as advertised. If the client (i.e., psql) has read
> access to the socket file (i.e., /tmp/.s.PGSQL.5432), then it can connect
> to postmaster. Otherwise, the client gets a "Permission denied" failure.
Actually, connections to Unix domain sockets are controlled by *write*
access to the socket file. Maybe Cygwin should change this.
--
Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
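
The cookie scheme discussed in this thread, sketched as an added example that is not part of either message and is not Cygwin's code. The file layout after `!<socket>port`, the wire format of the cookie exchange, the constructed port value and all function names are assumptions. It shows why access ends up gated on read permission: a process that cannot read the file never learns the cookie.

```python
import hmac, os, secrets, socket

PREFIX = "!<socket>"   # marker quoted in the patch description
COOKIE_LEN = 16        # 128-bit secret cookie

def create_socket_file(path, port):
    """Write '!<socket>PORT COOKIEHEX' (layout after the port is assumed)."""
    cookie = secrets.token_bytes(COOKIE_LEN)
    # O_EXCL refuses a pre-planted file; 0600 keeps the cookie owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{PREFIX}{port} {cookie.hex()}")
    return cookie

def read_socket_file(path):
    """Return (port, cookie); PermissionError here means no cookie, no connect."""
    with open(path) as f:
        text = f.read()
    if not text.startswith(PREFIX):
        raise ValueError("not an emulated AF_UNIX socket file")
    port, cookie_hex = text[len(PREFIX):].split()
    cookie = bytes.fromhex(cookie_hex)
    if len(cookie) != COOKIE_LEN:
        raise ValueError("bad cookie length")
    return int(port), cookie

def recv_exact(sock, n):
    """Read up to n bytes, stopping early if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def handshake(connector_cookie, acceptor_cookie):
    """Each side proves it knows the cookie; returns (acceptor_ok, connector_ok)."""
    conn, acc = socket.socketpair()  # stands in for the emulated connection
    with conn, acc:
        conn.sendall(connector_cookie)
        conn.shutdown(socket.SHUT_WR)
        got = recv_exact(acc, COOKIE_LEN)
        acceptor_ok = hmac.compare_digest(got, acceptor_cookie)  # constant time
        if acceptor_ok:              # answer only a peer that proved itself
            acc.sendall(acceptor_cookie)
        acc.shutdown(socket.SHUT_WR)
        reply = recv_exact(conn, COOKIE_LEN)
        connector_ok = hmac.compare_digest(reply, connector_cookie)
    return acceptor_ok, connector_ok
```

Making access depend on write permission instead, as suggested in the reply above, would need a separate check, because knowledge of the cookie can only follow from being able to read the file.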