At 2007-12-03T19:04:28-0500, Stephen Leake wrote:
> Can you point me to a URL for socketpair.c? I could look at implementing
> it as well.

http://cantrip.org/socketpair.c

> Although I think using sockets would open up a security hole; file: runs
> the server with --no-transport-auth. So for a brief time an external
> machine could attach to the server.

I don't think so.  The listener is bound to localhost and expects exactly
one connection.  The port number is ephemeral.  The other end of the socket
is set up immediately.  Worst case, an attacker can guess the ephemeral port
number and connect to it, but it will just cause socketpair() to return an
error because its own attempt to connect to the listening socket will fail.

Cheers,
-mjg
-- 
Matthew Gregan                     |/
                                  /|                    [EMAIL PROTECTED]


_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
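The loopback construction described in the reply above, as an added example that is not part of the original message and is not the code at cantrip.org/socketpair.c. It is written for POSIX sockets; the function name `loopback_socketpair` and the final peer-address comparison are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from socketpair.c): build a connected pair of
 * TCP sockets over loopback. Returns 0 on success, -1 on any failure. */
int loopback_socketpair(int sv[2])
{
    struct sockaddr_in la, ca, pa;
    socklen_t len = sizeof la;
    int lfd = -1, cfd = -1, afd = -1;

    memset(&la, 0, sizeof la);
    la.sin_family = AF_INET;
    la.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* never INADDR_ANY */
    la.sin_port = 0;                             /* kernel picks ephemeral port */

    if ((lfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) goto fail;
    if (bind(lfd, (struct sockaddr *)&la, sizeof la) < 0) goto fail;
    if (listen(lfd, 1) < 0) goto fail;           /* expect exactly one peer */
    if (getsockname(lfd, (struct sockaddr *)&la, &len) < 0) goto fail;

    if ((cfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) goto fail;
    if (connect(cfd, (struct sockaddr *)&la, sizeof la) < 0) goto fail;
    if ((afd = accept(lfd, NULL, NULL)) < 0) goto fail;
    close(lfd); lfd = -1;                        /* stop listening at once */

    /* The accepted peer must be our own connecting socket: compare the
     * peer address of afd with the local address of cfd. */
    len = sizeof ca;
    if (getsockname(cfd, (struct sockaddr *)&ca, &len) < 0) goto fail;
    len = sizeof pa;
    if (getpeername(afd, (struct sockaddr *)&pa, &len) < 0) goto fail;
    if (ca.sin_port != pa.sin_port ||
        ca.sin_addr.s_addr != pa.sin_addr.s_addr) goto fail;

    sv[0] = afd; sv[1] = cfd;
    return 0;
fail:
    if (lfd >= 0) close(lfd);
    if (cfd >= 0) close(cfd);
    if (afd >= 0) close(afd);
    return -1;
}
```

If another local process connects first, the address comparison fails and the function returns -1 with all three descriptors closed, so the caller never receives a socket attached to a foreign peer.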
