[Standards] Loopback Authentication
Matthias Wimmer
m at tthias.eu
Fri Feb 2 04:42:52 CST 2007
Dave Cridland wrote:
> Well, you have to tie in the TCP session with the UNIX session strongly,
> otherwise some pretty trivial break-ins are caused. For a start, you'd
> need something similar to dialback, using a cryptographically random
> code transmitted to the client, probably under encryption, which is then
> used as a shared secret over the UNIX connection.
>
> To put it another way, I won't let you borrow my tin opener, you'll get
> worms all over it.
>
> I think your gut instinct is wrong here - I think you can just run over
> UNIX domain sockets. Note that the client doesn't have to send
> SCM_CREDENTIALS, the server can just retrieve them, so it's really no
> different to TCP for the client.
+1
Matthias
--
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
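The quoted point that the server can retrieve the peer's credentials without the client sending them, shown as an added example that is not part of the original thread or of any XMPP server's code. It assumes Linux, where the `SO_PEERCRED` socket option returns the connecting process's pid, uid and gid; the socket path, function names and uid allow-list policy are hypothetical.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid (native layout).
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process that connected to this UNIX socket.

    The kernel recorded these at connect() time; the client sent nothing.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def authorize(conn, allowed_uids):
    """Hypothetical policy: accept only peers whose kernel-reported uid is allowed."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid in allowed_uids


def demo():
    """One client/server exchange in-process; returns (creds, allowed, denied)."""
    with tempfile.TemporaryDirectory() as tmp:  # private 0700 directory
        path = os.path.join(tmp, "loopback.sock")  # constructed path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv, \
             socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            srv.bind(path)
            srv.listen(1)
            cli.connect(path)  # queued in the backlog, so no thread is needed
            conn, _addr = srv.accept()
            with conn:
                me = os.geteuid()
                return (peer_credentials(conn),
                        authorize(conn, {me}),
                        authorize(conn, {me + 1}))


if __name__ == "__main__":
    print(demo())
```

The uid the server sees is the client's effective uid when it called `connect()`, so the client-side code is the same as for a TCP connection apart from the address family.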