Egor,

On Wed, Apr 04, 2001 at 10:02:50PM +0400, egor duda wrote:
> this patch prevents local users from connecting to cygwin-emulated
> AF_UNIX socket if this user has no read rights on socket's file.
> it's done by adding 128-bit random secret cookie to !<socket>port
> string in file. later, each process which is negotiating connection
> via connect() or accept() must signal its peer that it knows this
> secret cookie.
>
> sendto() and recvfrom() are still insecure, unfortunately.
>
> Comments?

I have tried the above with PostgreSQL and it works as documented.
However, see the attached for a comment from one of the PostgreSQL core
developers.  Is it possible and/or does it make sense to do as suggested?

Thanks,
Jason

--
Jason Tishler
Director, Software Engineering       Phone: +1 (732) 264-8770 x235
Dot Hill Systems Corp.               Fax:   +1 (732) 264-8798
82 Bethany Road, Suite 7             Email: [EMAIL PROTECTED]
Hazlet, NJ 07730 USA                 WWW:   http://www.dothill.com

Jason Tishler writes:

> I used 7.1rc4 from Cygwin's contrib and everything seems to work as
> expected.  The regression tests all passed.  Even the enhanced AF_UNIX
> security worked as advertised.  If the client (i.e., psql) has read
> access to the socket file (i.e., /tmp/.s.PGSQL.5432), then it can connect
> to postmaster.  Otherwise, the client gets a "Permission denied" failure.

Actually, connections to Unix domain sockets are controlled by *write*
access to the socket file.  Maybe Cygwin should change this.

--
Peter Eisentraut      [EMAIL PROTECTED]       http://yi.org/peter-e/
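
The cookie check described in the quoted patch announcement, sketched as an added example (not code from the Cygwin patch or from anyone in this thread). The file layout "!<socket>PORT HEXCOOKIE", the function names and the sample port 5432 are assumptions made for illustration; Cygwin's actual on-disk format may differ. A peer that cannot read the socket file cannot learn the cookie, so the comparison at connect()/accept() time fails for it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define COOKIE_LEN 16 /* 128-bit secret, as the patch description states */

/* Draw the cookie from the OS random source; returns 0 on success. */
int cookie_generate(uint8_t c[COOKIE_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(c, 1, COOKIE_LEN, f);
    fclose(f);
    return n == COOKIE_LEN ? 0 : -1;
}

/* Build the socket-file text. ASSUMED layout: "!<socket>PORT HEXCOOKIE". */
int socket_file_format(char *out, size_t len, unsigned port, const uint8_t c[COOKIE_LEN]) {
    int n = snprintf(out, len, "!<socket>%u ", port);
    if (n < 0 || (size_t)n + 2 * COOKIE_LEN + 1 > len) return -1;
    for (int i = 0; i < COOKIE_LEN; i++) sprintf(out + n + 2 * i, "%02x", c[i]);
    return 0;
}

static int hexval(char ch) {
    if (ch >= '0' && ch <= '9') return ch - '0';
    return (ch >= 'a' && ch <= 'f') ? ch - 'a' + 10 : -1;
}
/* Parse the file text; reject a missing, short, long or non-hex cookie. */
int socket_file_parse(const char *s, unsigned *port, uint8_t c[COOKIE_LEN]) {
    int off = 0;
    if (sscanf(s, "!<socket>%u %n", port, &off) != 1 || off == 0) return -1;
    if (strlen(s + off) != 2 * COOKIE_LEN) return -1;
    for (int i = 0; i < COOKIE_LEN; i++) {
        int hi = hexval(s[off + 2 * i]), lo = hexval(s[off + 2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        c[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Peer check at connect()/accept(): compare all bytes, no early exit. */
int cookie_matches(const uint8_t a[COOKIE_LEN], const uint8_t b[COOKIE_LEN]) {
    uint8_t diff = 0;
    for (int i = 0; i < COOKIE_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}
int main(void) { /* 5432 is a constructed sample port */
    uint8_t c[COOKIE_LEN], p[COOKIE_LEN]; char line[64]; unsigned port;
    if (cookie_generate(c) || socket_file_format(line, sizeof line, 5432, c)
        || socket_file_parse(line, &port, p)) return 1;
    return !cookie_matches(c, p); /* exit 0 when the peer's cookie is accepted */
}
```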
