On 12/13/23 15:03, Joshua M. Clulow via openindiana-discuss wrote:
On Wed, 13 Dec 2023 at 09:24, Carsten Grzemba via openindiana-discuss
<openindiana-discuss@openindiana.org> wrote:
A sock.bind with an normal string works, but not the style with the leading \0.
This is the syntax for abstract sockets on Linux.
I have no idea if abstract sockets would work on Illumos and Python. But how
should work the printer applet on non Linux systems?
You will need to put the socket in a directory with the appropriate permissions.
Note that any user on the system can connect() to a UNIX socket if
they can see the directory entry for it, regardless of the permissions
on the socket entry itself. If the socket server is not using
getpeerucred(3C) or equivalent to inspect the credentials of the
connecting process, you should put the socket in a directory owned by
the user with mode 0700 to prevent connections from unauthorised
processes.
A quick look at the applet.py code shows that it creates the bound
socket as a lock (to prevent multiple instances from running as the same
user) but never uses it for anything or passes it to anything outside
the "__main__" block.
So there's no need to prevent connections - the daemon will never call
sock.accept()
_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss
