On Tue, Dec 04, 2007 at 01:48:57PM +1300, Matthew Gregan wrote: > I don't think so. The listener is bound to localhost and expects exactly > one connection. The port number is ephemeral. The other end of the socket > is set up immediately. Worst case, an attacker can guess the ephemeral port > number and connect to it, but it will just cause socketpair() to return an > error because its own attempt to connect to the listening socket will fail.
Oh yeah, that works too... -- Nathaniel -- "If you can explain how you do something, then you're very very bad at it." -- John Hopfield _______________________________________________ Monotone-devel mailing list Monotone-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/monotone-devel