On Thu, May 17, 2018 at 10:00 AM Erik Kline <e...@google.com> wrote:

> On Thu, 17 May 2018 at 08:17, Michael Richardson <mcr+i...@sandelman.ca>
> wrote:


> > Erik Kline <e...@google.com> wrote:
> >      > In the latter case especially, what becomes clear is that the UE
> needs
> >      > to be able to receive an unsolicited packet.  ICMP is a canonical
> >      > example of receiving and processing an unsolicited packet.  But
it
> >      > could also be something like a UDP socket listening on a well
known
> >      > port that receives a 1-byte datagram, which causes the UE to
enqueue
> >      > (for rate-limiting purposes) a captive API query.

> > On POSIX systems, it's clearly a lot easier to open a UDP socket from an
> > unpriviledged application than to open an ICMP socket.

> > Is this a consideration for you?

> >      >     [3] NetworkMonitor already rate limits requests from
> applications
> >      > to revalidate the network, and these would likely be no different
> (or
> >      > pretty much the same).

> > Or would NetworkMonitor do this anyway, and it has all the priviledges
it
> > needs anyway?

> The fewer privilege escalation points the better, I suppose.  From that
> perspective a UDP socket may be less concerning, but perhaps not by much.
> NetworkMonitor has the appropriate privileges to do the needful,
regardless.

I'll start off by admitting that this is a cheap shot, but:
https://access.redhat.com/security/vulnerabilities/3442151

I'm uncomfortable with the "let's have all machines which might possibly
connect to a network with a captive portal have a daemon listening on a
well-known UDP port" idea. Yes, it is very similar to "let's have all
machines which might possibly connect to a network with a captive portal
have a thingie watching for special ICMP messages", but somehow it feels
very different. Yes, I understand the irony of building networks based on
what makes Warren uncomfortable,  but...

W


> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals



-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
    ---maf

_______________________________________________
Captive-portals mailing list
Captive-portals@ietf.org
https://www.ietf.org/mailman/listinfo/captive-portals

Reply via email to