Change the naming policy for connection-sharing Unix sockets.

I had initially assumed that, since all of a user's per-connection subdirectories live inside a top-level putty-connshare.$USER directory that's not accessible to anyone else, there would be no need to obfuscate the names of the internal directories for privacy, because nobody would be able to look at them anyway. Unfortunately, that's not true: 'netstat -ax' run by any user will show up the full pathnames of Unix-domain sockets, including pathname components that you wouldn't have had the access to go and look at directly. So the Unix connection sharing socket names do need to be obfuscated after all. Since Unix doesn't have Windows's CryptProtectMemory, we have to do this manually, by creating a file of random salt data inside the top-level putty-connshare directory (if there isn't one there already) and then hashing that salt with the "user@host" connection identifier to get the socket directory name. What a pain. [originally from svn r10222]
2025-06-30 19:12:48 -05:00 · 2014-09-09 12:47:39 +00:00
parent 70ab076d83
commit 24cd95b6f9
2 changed files with 242 additions and 54 deletions
--- a/ssh.c
+++ b/ssh.c
@ -10625,11 +10625,13 @@ static const char *ssh_init(void *frontend_handle, void **backend_handle,
    ssh->gsslibs = NULL;
 #endif

-    p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
-    if (p != NULL)
-	return p;
+    random_ref(); /* do this now - may be needed by sharing setup code */

-    random_ref();
+    p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
+    if (p != NULL) {
+        random_unref();
+	return p;
+    }

    return NULL;
 }