[Standards] Loopback Authentication
m at tthias.eu
Fri Feb 2 10:42:52 UTC 2007
Dave Cridland wrote:
> Well, you have to tie in the TCP session with the UNIX session strongly,
> otherwise some pretty trivial break-ins are caused. For a start, you'd
> need something similar to dialback, using a cryptographically random
> code transmitted to the client, probably under encryption, which is then
> used as a shared secret over the UNIX connection.
> To put it another way, I won't let you borrow my tin opener, you'll get
> worms all over it.
> I think your gut instinct is wrong here - I think you can just run over
> UNIX domain sockets. Note that the client doesn't have to send
> SCM_CREDENTIALS, the server can just retrieve them, so it's really no
> different to TCP for the client.
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
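
The server-side credential lookup mentioned in the quoted text, as an added example that is not part of the original message. It is Linux-only and uses the `SO_PEERCRED` socket option rather than `SCM_CREDENTIALS` ancillary messages; the socket name and the function names are hypothetical.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid.
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer, as recorded by the kernel at connect()."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def authorize(conn, allowed_uids):
    """Accept the peer only if its kernel-reported uid is in allowed_uids."""
    pid, uid, gid = peer_credentials(conn)
    return uid in allowed_uids, (pid, uid, gid)


def demo(allowed_uids):
    """Run one connection over a UNIX domain socket in a private temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "loopback.sock")  # hypothetical socket name
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            os.chmod(path, 0o600)  # filesystem permissions as a second gate
            srv.listen(1)
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
                # The client just connects; it sends no credentials and no secret.
                client.connect(path)
                conn, _ = srv.accept()
                with conn:
                    # The identity comes from the kernel, not from client data.
                    return authorize(conn, allowed_uids)


if __name__ == "__main__":
    ok, creds = demo({os.geteuid()})
    print("authorized" if ok else "rejected", creds)
```

The credentials are those the peer held when it called `connect()`, so a server that hands the accepted socket to another process should decide on them immediately after `accept()`.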