Hi!

This patch prevents a local user from connecting to a cygwin-emulated
AF_UNIX socket if this user has no read rights on the socket's file.
It's done by adding a 128-bit random secret cookie to the !<socket>port
string in the file. Later, each process which is negotiating a connection
via connect() or accept() must signal its peer that it knows this
secret cookie.

sendto() and recvfrom() are still insecure, unfortunately.

Comments?
egor. mailto:[EMAIL PROTECTED] icq 5165414 fidonet 2:5020/496.19
af_unix-security.diff
af_unix-security.ChangeLog
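
The check described in the message above, as an added sketch that is not part of the original mail or the attached patch. The file layout after `!<socket>port`, the function names and the sample values are assumptions made for illustration.

```c
#include <stdio.h>

#define COOKIE_WORDS 4   /* 4 x 32 bits = 128-bit cookie */

/* Constructed sample; the "PORT W0-W1-W2-W3" layout is an assumption. */
static const char SAMPLE_FILE[] = "!<socket>1234 deadbeef-01234567-89abcdef-0badf00d";

struct sock_file {
    unsigned port;                  /* loopback port behind the socket file */
    unsigned cookie[COOKIE_WORDS];  /* secret only readers of the file learn */
};

/* Returns 0 on success, -1 for a malformed file or one without a cookie. */
int parse_sock_file(const char *text, struct sock_file *sf)
{
    int used = 0;
    int n = sscanf(text, "!<socket>%u %8x-%8x-%8x-%8x%n", &sf->port, &sf->cookie[0],
                   &sf->cookie[1], &sf->cookie[2], &sf->cookie[3], &used);
    if (n != 5 || text[used] != '\0' || sf->port == 0 || sf->port > 65535)
        return -1;
    return 0;
}

/* Compare all words without an early exit, so timing does not reveal
   how many leading words of a guess were right. */
int cookie_equal(const unsigned *a, const unsigned *b)
{
    unsigned diff = 0;
    for (int i = 0; i < COOKIE_WORDS; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Either end of connect()/accept(): keep the connection only if the peer
   sent exactly one cookie and it matches the one from the file. */
int peer_allowed(const struct sock_file *sf, const unsigned *sent, size_t len)
{
    return len == sizeof sf->cookie && cookie_equal(sf->cookie, sent);
}

int main(void)
{
    struct sock_file sf;
    unsigned guess[COOKIE_WORDS] = {0, 0, 0, 0};  /* peer that could not read the file */
    if (parse_sock_file(SAMPLE_FILE, &sf) != 0)
        return 1;
    printf("reader: %d, non-reader: %d\n", peer_allowed(&sf, sf.cookie, sizeof sf.cookie),
           peer_allowed(&sf, guess, sizeof guess));
    return 0;
}
```

The scheme is only as strong as the permissions on the socket file, since anyone who can read the file learns the cookie.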