monotone-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] hang on Win32/MinGW with sync file:


From: Matthew Gregan
Subject: Re: [Monotone-devel] hang on Win32/MinGW with sync file:
Date: Tue, 4 Dec 2007 13:48:57 +1300
User-agent: Mutt/1.5.17 (2007-11-01)

At 2007-12-03T19:04:28-0500, Stephen Leake wrote:
> Can you point me to a URL for socketpair.c? I could look at implementing
> it as well.

http://cantrip.org/socketpair.c

> Although I think using sockets would open up a security hole; file: runs
> the server with --no-transport-auth. So for a brief time an external
> machine could attach to the server.

I don't think so.  The listener is bound to localhost and expects exactly
one connection.  The port number is ephemeral.  The other end of the socket
is set up immediately.  Worst case, an attacker can guess the ephemeral port
number and connect to it, but it will just cause socketpair() to return an
error because its own attempt to connect to the listening socket will fail.

Cheers,
-mjg
-- 
Matthew Gregan                     |/
                                  /|                    address@hidden




reply via email to

[Prev in Thread] Current Thread [Next in Thread]