On Mon, Dec 03, 2007 at 07:04:28PM -0500, Stephen Leake wrote:
> Although I think using sockets would open up a security hole; file:
> runs the server with --no-transport-auth. So for a brief time an
> external machine could attach to the server.

Surely win32 sockets can be bound to loopback, so only local processes
can connect?  That doesn't *fully* close the hole, but it helps.

What would fully close the hole would be to generate a random nonce,
and send it over the socket as the first thing we do -- since we hold
both ends of the socket, we know what random nonce to expect, but
no-one else would.  This could be fully hidden within the "socketpair"
code (i.e., it would transmit and receive the nonce to check the
connection before returning the sockets).

-- Nathaniel

-- 
Eternity is very long, especially towards the end.
  -- Woody Allen


_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
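
The loopback binding and nonce check proposed in the message above, as an added example (not monotone's code and not written by either poster). It assumes POSIX sockets and Linux `getrandom()`; `loopback_socketpair` and `check_nonce` are hypothetical names, and a win32 build would use the Winsock equivalents.

```c
#include <arpa/inet.h>
#include <sys/random.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define NONCE_LEN 16

/* Read NONCE_LEN bytes from fd and compare with expect, no early exit.
   Returns 0 on match, -1 on short read, timeout or mismatch. */
int check_nonce(int fd, const unsigned char *expect) {
    unsigned char got[NONCE_LEN], diff = 0;
    if (recv(fd, got, NONCE_LEN, MSG_WAITALL) != NONCE_LEN) return -1;
    for (int i = 0; i < NONCE_LEN; i++) diff |= got[i] ^ expect[i];
    return diff ? -1 : 0;
}

/* socketpair() emulated over loopback TCP. On success returns 0 with the
   two verified ends in sv[0] (accepted) and sv[1] (connected); else -1. */
int loopback_socketpair(int sv[2]) {
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: ephemeral */
    socklen_t len = sizeof a;
    unsigned char nonce[NONCE_LEN];
    struct timeval tmo = { .tv_sec = 2 };   /* do not hang on a silent peer */
    int lis = socket(AF_INET, SOCK_STREAM, 0), c = -1, s = -1;

    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* local processes only */
    if (lis < 0 || bind(lis, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(lis, 1) < 0 || getsockname(lis, (struct sockaddr *)&a, &len) < 0)
        goto fail;
    if ((c = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
        connect(c, (struct sockaddr *)&a, sizeof a) < 0 ||
        (s = accept(lis, NULL, NULL)) < 0)
        goto fail;
    /* Send the nonce from the end we connected; the accepted end must
       receive it. A local process that raced us to the port cannot know it. */
    if (getrandom(nonce, NONCE_LEN, 0) != NONCE_LEN ||
        setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo) < 0 ||
        send(c, nonce, NONCE_LEN, 0) != NONCE_LEN || check_nonce(s, nonce) < 0)
        goto fail;
    tmo.tv_sec = 0;                          /* back to blocking reads */
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo);
    close(lis);                              /* stop accepting connections */
    sv[0] = s; sv[1] = c;
    return 0;
fail:
    if (lis >= 0) close(lis);
    if (c >= 0) close(c);
    if (s >= 0) close(s);
    return -1;
}
```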
