[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] hang on Win32/MinGW with sync file:
|
From: |
Matthew Gregan |
|
Subject: |
Re: [Monotone-devel] hang on Win32/MinGW with sync file: |
|
Date: |
Tue, 4 Dec 2007 13:48:57 +1300 |
|
User-agent: |
Mutt/1.5.17 (2007-11-01) |
At 2007-12-03T19:04:28-0500, Stephen Leake wrote:
> Can you point me to a URL for socketpair.c? I could look at implementing
> it as well.
http://cantrip.org/socketpair.c
> Although I think using sockets would open up a security hole; file: runs
> the server with --no-transport-auth. So for a brief time an external
> machine could attach to the server.
I don't think so. The listener is bound to localhost and expects exactly
one connection. The port number is ephemeral. The other end of the socket
is set up immediately. Worst case, an attacker can guess the ephemeral port
number and connect to it, but it will just cause socketpair() to return an
error because its own attempt to connect to the listening socket will fail.
Cheers,
-mjg
--
Matthew Gregan |/
/| address@hidden
- [Monotone-devel] hang on Win32/MinGW with sync file:, Stephen Leake, 2007/12/02
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Stephen Leake, 2007/12/04
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Matthew Gregan, 2007/12/04
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Zack Weinberg, 2007/12/04
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Matthew Gregan, 2007/12/04
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Zack Weinberg, 2007/12/04
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Stephen Leake, 2007/12/04
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Zack Weinberg, 2007/12/04
- Re: [Monotone-devel] hang on Win32/MinGW with sync file:, Matthew Gregan, 2007/12/04