Hi!
ssh-agent creates temp directory under /tmp with '600' permissions,
and actual socket file is created under it using default umask. under
unix, it's not a problem since nobody can read socket file if he have
no scan rights to the directory. But under win32 there exists a
separate privilege named "Bypass traverse checking", granted to
everybody by default, which allow reading file even if user have no
rights on directory. with my changes to AF_UNIX socket code, socket
security is provided by inability of unauthorized parties to read
socket file contents, but with "Bypass traverse checking" privilege,
they _can_ read it. attached patch is supposed to fix this.
2001-04-28 Egor Duda <[EMAIL PROTECTED]>
* ssh-agent.c (main): On cygwin create auth socket with mode 600
egor. mailto:[EMAIL PROTECTED] icq 5165414 fidonet 2:5020/496.19
openssh-cygwin-socket-permissions.ChangeLog
openssh-cygwin-socket-permissions.diff
