On 04/14/13 16:42, Bill Trost wrote:
> Colin Percival wrote:
> On 04/14/13 16:02, Bill Trost wrote:
> > Below is a quick hack to eliminate the socket pair used to
> > pushbits in the case that file descriptor 0 really is a socket.
>
> Interesting -- do you have a use case where this optimization
> is likely to matter? It seems to me that this is only relevant
> if you are pushing a very large number of bits through; and
> even then, I'd expect the cryptographic work to overwhelm the
> data-copying and keep the speedup from this to a minimum.
>
> I agree. My plan was to use this between thunderbird and an
> spipe connection to my IMAP client, using a little wrapper
> around spipe to verify that the connecting client has the
> same user ID as the wrapper. It seemed easier than trying to
> convince thunderbird to connect to a unix-domain socket....

I take it you're on a multi-user system? I use spiped to protect
connections from my laptop to my POP3 server, but I'm the only user on
my laptop (by which I mean "human", not uid), and my POP3 account has a
password on it anyway, so I'm not too concerned about checking which uid
is connecting to 127.0.0.1:110.

> > [...]
> > /* Set up a connection. */
> > - if (proto_conn_create(s[1], sas_t, 0, opt_f, K, opt_o,
> > + if (proto_conn_create(socket0 ? 0 : s[1], sas_t, 0, opt_f, K,
> opt_o,
>
> This is a bug.... In some cases spipe will be called with
> descriptors 0 and 1 being the same socket, but not always...
>
> Wow, talk about obscure use cases! :-)
>
> Yeah, I can see where someone might want to do that. OK, never
> mind, I never claimed it was a particularly good idea....

Actually, I like this idea -- it just needs a bit more work. :-)

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
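
Review bot: the `socket0 ? 0 : s[1]` argument in the changed proto_conn_create call selects descriptor 0 on the strength of descriptor 0 alone, and nothing in the visible lines establishes that descriptor 1 is the same socket, which is the case the reply above calls out as not always true. Gate the shortcut on a check that descriptors 0 and 1 refer to the same socket, keep `s[1]` and the socket pair otherwise, and add a comment at the call saying why descriptor 0 can stand in for both directions.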
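
The uid check discussed in this thread (which uid is connecting to 127.0.0.1:110), sketched as an added example that is not code from the thread or from spiped. It assumes a Linux host, where /proc/net/tcp lists the owning uid of every TCP socket, and it parses a constructed table; `client_uid` and `SAMPLE_TABLE` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/net/tcp layout (little-endian host).
 * Wrapper (uid 1000) listens on 127.0.0.1:110; clients connect from
 * port 50000 (uid 1000) and port 50001 (uid 1001). */
static const char SAMPLE_TABLE[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:006E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001\n"
    "   1: 0100007F:C350 0100007F:006E 01 00000000:00000000 00:00000000 00000000  1000        0 20002\n"
    "   2: 0100007F:006E 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20003\n"
    "   3: 0100007F:C351 0100007F:006E 01 00000000:00000000 00:00000000 00000000  1001        0 20004\n"
    "   4: 0100007F:006E 0100007F:C351 01 00000000:00000000 00:00000000 00000000  1000        0 20005\n";

/* Return the uid owning the client end of an established connection, or -1.
 * Hypothetical helper; a real wrapper would read /proc/net/tcp instead. */
static long
client_uid(const char *table, const char *cli_ip, unsigned cli_port,
    const char *srv_ip, unsigned srv_port)
{
	struct in_addr cli, srv;
	unsigned la, lp, ra, rp, st;
	unsigned long uid;
	const char *line = table, *nl;

	if (inet_pton(AF_INET, cli_ip, &cli) != 1 ||
	    inet_pton(AF_INET, srv_ip, &srv) != 1)
		return (-1);
	while (line != NULL && *line != '\0') {
		int n = sscanf(line, "%*u: %x:%x %x:%x %x %*x:%*x %*x:%*x %*x %lu",
		    &la, &lp, &ra, &rp, &st, &uid);
		nl = strchr(line, '\n');
		line = (nl != NULL) ? nl + 1 : NULL;
		/* Match the client's own socket: its address is the *local* one.
		 * The accepted socket (reversed pair) carries the wrapper's uid. */
		if (n == 6 && st == 0x01 && la == cli.s_addr && lp == cli_port &&
		    ra == srv.s_addr && rp == srv_port)
			return ((long)uid);
	}
	return (-1);
}

int
main(void)
{
	printf("port 50001 belongs to uid %ld\n",
	    client_uid(SAMPLE_TABLE, "127.0.0.1", 50001, "127.0.0.1", 110));
	return (0);
}
```

A wrapper would compare the returned value with its own `getuid()` right after `accept()`, while the connection is still open, and drop the connection on a mismatch or on -1.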
