WSL2 socket file is world readable and in predictable location
rkerr opened this issue · 0 comments
rkerr commented
The WSL2 setup instructions include a script that creates the socket on a fixes path in a world writeable location using the default umask. As such it ends up with the socket being world readable and in a fixed location. I know in most cases WSL is used as a single user system so this is probably not as big a security issue as it would be in a normal linux system but still seems like a bit of a flaw.
It would probably be better to use mktemp to create a directory with a random name and secure permission like the standard openssh ssh-agent does. Something like:
export SSH_AUTH_SOCK=$(ps ux | grep "[S]OCKET-CONNECT:40:0:x0000x33332222x02000000x00000000" | sed -e "s/.* UNIX-LISTEN:\(.\+\),fork SOCKET.*/\1/")
if [ -z "${SSH_AUTH_SOCK}" ]; then
export SSH_AUTH_SOCK=$(mktemp -d -t winssh-XXXXXXXXXX)/wincrypt-hv.sock
(setsid -f nohup socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork SOCKET-CONNECT:40:0:x0000x33332222x02000000x00000000 >/dev/null 2>&1)
fi