simon-svn: putty: simon
Commits to Tartarus CVS repository.
tartarus-commits at lists.tartarus.org
Tue Sep 9 13:47:39 BST 2014
SVN root: svn://svn.tartarus.org/sgt
Changes by: simon
Revision: 10222
Date: 2014-09-09 13:47:39 +0100 (Tue, 09 Sep 2014)
Log message (19 lines):
Change the naming policy for connection-sharing Unix sockets.
I had initially assumed that, since all of a user's per-connection
subdirectories live inside a top-level putty-connshare.$USER directory
that's not accessible to anyone else, there would be no need to
obfuscate the names of the internal directories for privacy, because
nobody would be able to look at them anyway.
Unfortunately, that's not true: 'netstat -ax' run by any user will
show up the full pathnames of Unix-domain sockets, including pathname
components that you wouldn't have had the access to go and look at
directly. So the Unix connection sharing socket names do need to be
obfuscated after all.
Since Unix doesn't have Windows's CryptProtectMemory, we have to do
this manually, by creating a file of random salt data inside the
top-level putty-connshare directory (if there isn't one there already)
and then hashing that salt with the "user at host" connection identifier
to get the socket directory name. What a pain.
Modified files:
U putty/ssh.c
U putty/unix/uxshare.c
Links:
http://svn.tartarus.org/sgt/?rev=10222&view=rev
http://svn.tartarus.org/sgt/putty/ssh.c?rev=10222&r1=10221&r2=10222
http://svn.tartarus.org/sgt/putty/unix/uxshare.c?rev=10222&r1=10221&r2=10222
More information about the tartarus-commits
mailing list