[Standards] Loopback Authentication

Matthias Wimmer m at tthias.eu
Fri Feb 2 10:42:52 UTC 2007


Dave Cridland wrote:
> Well, you have to tie in the TCP session with the UNIX session strongly, 
> otherwise some pretty trivial break-ins are caused. For a start, you'd 
> need something similar to dialback, using a cryptographically random 
> code transmitted to the client, probably under encryption, which is then 
> used as a shared secret over the UNIX connection.
> 
> To put it another way, I won't let you borrow my tin opener, you'll get 
> worms all over it.
> 
> I think your gut instinct is wrong here - I think you can just run over 
> UNIX domain sockets. Note that the client doesn't have to send 
> SCM_CREDENTIALS, the server can just retrieve them, so it's really no 
> different to TCP for the client.

+1


Matthias

-- 
Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/
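The point Dave makes in the quoted text, that a server on a UNIX domain socket can fetch the peer's credentials itself without the client sending anything, can be shown in a few lines. The following is an added example, not code from this thread or from any Jabber/XMPP server; it assumes Linux, where the kernel exposes the connecting process's pid/uid/gid through the SO_PEERCRED socket option, and it uses a socketpair as a stand-in for a socket the server has accepted. The function names (unix_peer_credentials, loopback_authorize, demo_peer_uid, demo_authorize) are this example's own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>

/* Layout-compatible with Linux's struct ucred (pid, uid, gid in that order),
 * declared locally so the example builds regardless of feature-test macros. */
struct peer_cred {
    pid_t pid;
    uid_t uid;
    gid_t gid;
};

/* Ask the kernel who is on the other end of a connected AF_UNIX socket.
 * The client sends nothing special; the credentials were recorded by the
 * kernel when the peer connected (or when the socketpair was created).
 * Returns 0 on success, -1 on error (errno set by getsockopt). */
int unix_peer_credentials(int fd, struct peer_cred *out) {
    socklen_t len = sizeof *out;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len) < 0)
        return -1;
    return 0;
}

/* Loopback authentication decision: the peer may act as `expected_uid`
 * only if the kernel says the connecting process runs as that uid.
 * Returns 1 if authorized, 0 if not, -1 on error. */
int loopback_authorize(int fd, uid_t expected_uid) {
    struct peer_cred cred;
    if (unix_peer_credentials(fd, &cred) < 0)
        return -1;
    return cred.uid == expected_uid ? 1 : 0;
}

/* Demo helper: a socketpair plays the role of the server's accepted socket.
 * Returns the uid the server side sees for its peer, or -1 on error. */
int demo_peer_uid(void) {
    int sv[2];
    struct peer_cred cred;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    int rc = unix_peer_credentials(sv[0], &cred);
    close(sv[0]);
    close(sv[1]);
    return rc < 0 ? -1 : (int)cred.uid;
}

/* Demo helper: run the authorization check against a chosen uid. */
int demo_authorize(uid_t expected_uid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    int rc = loopback_authorize(sv[0], expected_uid);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void) {
    int uid = demo_peer_uid();
    if (uid < 0) {
        perror("SO_PEERCRED");
        return 1;
    }
    printf("peer uid as seen by the server side: %d (our uid: %d)\n",
           uid, (int)getuid());
    printf("authorize as ourselves: %d\n", demo_authorize(getuid()));
    printf("authorize as someone else: %d\n", demo_authorize(getuid() + 1));
    return 0;
}
```

Because the uid comes from the kernel rather than from anything the client transmits, there is no secret to exchange and nothing for a local attacker to replay, which is what makes this simpler than a dialback-style scheme over TCP loopback. SO_PEERCRED is Linux-specific; other systems offer similar mechanisms (for example getpeereid on the BSDs), and the credentials reflect the process that opened the connection, so a server should still treat a file descriptor handed to a different process with care.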


