On Fri, 2006-04-21 at 13:29 -0400, Ethan Blanton wrote:
> The extra security comes in in that the usher server which listens to
> the outside world and the privileged server cooperate in a very simple
> and well-defined manner (e.g., perhaps the listening server sends
> simply a tuple of {hostname, collection} to the privileged server, and
> receives a port number in return).  I believe netsync cannot be
> considered a simple and well-defined manner.

It doesn't actually parse the netsync stream; it considers it an opaque
bytestream and just forwards it to the monotone server.

What it does understand is that the stream starts with a sequence of

  [byte] [byte] [size] [size] [host] [size] [pattern]

which is the only thing it looks at. This is a simple {hostname,
collection} tuple, just with 2 opaque bytes in front of it. (The only
slight complexity is that the sizes are in uleb128 format, instead of
fixed-size integers.)

Really, I'd be more worried about how it handles the server list (since
that code has had crashes in it), which has to be on the secure side.

Tim
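An added illustration of the prefix described above (my own example, not code from usher or monotone): a bounds-checked C++ parser for the [byte] [byte] [size] [size] [host] [size] [pattern] prefix with uleb128 sizes, which is all the listening side needs to read before treating the rest as an opaque bytestream. It assumes the second and third sizes are the host and pattern lengths, that the first size and the two leading bytes are passed through uninterpreted, and a 1024-byte cap per field; the sample stream is constructed for the test, not captured traffic.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

struct NetsyncPrefix { std::string host, pattern; size_t consumed = 0; };
static const size_t kMaxField = 1024;  // assumed cap on host/pattern length
// Decode one uleb128 value (7 data bits per byte, high bit = continuation).
// Rejects truncation and values over 32 bits: no unbounded loop, no overflow.
static bool read_uleb128(const std::vector<uint8_t>& buf, size_t& pos, uint32_t& out) {
    uint64_t v = 0;
    for (unsigned shift = 0; shift < 35; shift += 7) {  // at most 5 bytes
        if (pos >= buf.size()) return false;            // truncated input
        uint8_t b = buf[pos++];
        v |= static_cast<uint64_t>(b & 0x7f) << shift;
        if (!(b & 0x80)) { if (v > UINT32_MAX) return false; out = uint32_t(v); return true; }
    }
    return false;  // continuation bit still set after 5 bytes
}
// Length-prefixed field; length is checked against the cap and bytes present first.
static bool read_field(const std::vector<uint8_t>& buf, size_t& pos, std::string& out) {
    uint32_t len;
    if (!read_uleb128(buf, pos, len) || len > kMaxField || len > buf.size() - pos) return false;
    out.assign(reinterpret_cast<const char*>(buf.data() + pos), len);
    pos += len;
    return true;
}
// Parse only the prefix the usher inspects. Assumption: second size = host length,
// third = pattern length; the first is decoded only to keep the offset right.
std::optional<NetsyncPrefix> parse_netsync_prefix(const std::vector<uint8_t>& buf) {
    size_t pos = 2;  // two opaque leading bytes the usher never interprets
    uint32_t outer; NetsyncPrefix p;
    if (!read_uleb128(buf, pos, outer)) return std::nullopt;  // also rejects short input
    if (!read_field(buf, pos, p.host) || !read_field(buf, pos, p.pattern)) return std::nullopt;
    p.consumed = pos;  // from here on the bytes are forwarded untouched
    return p;
}
// Build a constructed sample stream (not real netsync traffic) for testing.
static void put_uleb128(std::vector<uint8_t>& o, uint32_t v) {
    do { uint8_t b = v & 0x7f; v >>= 7; o.push_back(v ? b | 0x80 : b); } while (v);
}
std::vector<uint8_t> sample_stream(const std::string& host, const std::string& pat) {
    std::vector<uint8_t> body, s = {0x01, 0x02};
    put_uleb128(body, host.size()); body.insert(body.end(), host.begin(), host.end());
    put_uleb128(body, pat.size());  body.insert(body.end(), pat.begin(), pat.end());
    put_uleb128(s, body.size());    s.insert(s.end(), body.begin(), body.end());
    s.insert(s.end(), {0xff, 0xee});  // opaque payload the usher just forwards
    return s;
}
```

Anything the parser rejects (truncated field, oversized length, malformed uleb128) should simply close the connection on the listening side; only the accepted {host, pattern} tuple ever reaches the privileged side.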

_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel