Hi Bart, Bart Braem wrote: > Hi Eddie, > > Could you give an example of where this might be useful? I think there > is a large coupling between your system and your router if you need > this, but perhaps I'm mistaken.
It's been useful for me in tests. See the test/ethernet/ARPQuerier-03.testie test, for example. > I personally think it's dangerous, as a ControlSocket has no > authentication at all. For now that's not really a problem because of > the limited capabilities of a router, Ouch ouch ouch! I would NOT think that way! ControlSocket is meant for debugging, and if you have access to ControlSocket you can, for example, stop the router, which is a DoS attack at the least. You can make ControlSocket safe in a couple ways; provide a PROXY, make it READONLY, make it a Unix socket, use something I just checked in, the LOCALHOST option. Nevertheless, I've gone ahead and made the "cat" handler private. Eddie > but it would become more > dangerous. We would have to be very careful not to write any code that > might result in that script being called. Also in new elements... > > On the other hand, if one already runs Click as root, you should know > the implied dangers. > > Regards, > Bart _______________________________________________ click mailing list [email protected] https://amsterdam.lcs.mit.edu/mailman/listinfo/click
