Use Named Sockets

Registered by John A Meinel

Currently bzr-service listens on a local port (11111), which means that any user on that machine can connect to that port and run commands as the user the service runs as.

It also means that you can't have multiple versions of the server running for different users.

A simple fix would be to switch to a unix named socket in /tmp with appropriate permissions (/tmp/tmdir-xxxx/socket.py, all chmod go-rwx, so that only the owning user can reach it).
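As an added illustration of that fix (example code, not part of bzr-service or this blueprint), the sketch below binds a unix socket go-rwx inside a mkdtemp directory and, on Linux, additionally checks the connecting peer's uid with SO_PEERCRED; the "bzr-service-" prefix and the echo handler are placeholders.

```python
import os
import socket
import stat
import struct
import tempfile
import threading

def private_socket_path():
    # mkdtemp creates the directory with mode 0700, so other local users
    # cannot even traverse it to reach the socket
    return os.path.join(tempfile.mkdtemp(prefix="bzr-service-"), "socket")

def bind_private_socket(path):
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)   # socket inode is created go-rwx (0600) at bind time
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv

def serve_once(srv):
    # Answer one client; on Linux also verify the peer's uid via SO_PEERCRED
    conn, _ = srv.accept()
    with conn:
        if hasattr(socket, "SO_PEERCRED"):   # Linux-only; elsewhere rely on the 0700 dir
            raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
            _pid, uid, _gid = struct.unpack("3i", raw)
            if uid != os.getuid():
                conn.sendall(b"refused")
                return
        conn.sendall(b"echo:" + conn.recv(4096))

def roundtrip(message):
    # Bind, serve one client from a thread, and report the socket's mode bits
    path = private_socket_path()
    srv = bind_private_socket(path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    worker = threading.Thread(target=serve_once, args=(srv,))
    worker.start()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
        cli.connect(path)
        cli.sendall(message)
        reply = cli.recv(4096)
    worker.join()
    srv.close()
    os.unlink(path)
    os.rmdir(os.path.dirname(path))
    return mode, reply
```

The returned mode shows the socket itself carries no group or other bits, independent of the directory's 0700, so the protection does not depend on a single layer.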

Originally I avoided unix sockets because I wanted to support Windows. But:

1) Win32 doesn't have os.fork(); cygwin does, but cygwin also has unix sockets.

2) We could use named pipes on Windows instead.

Another problem, though, is how to tell the client where to connect. The standard method for "agents" is an environment variable. But since env vars are only inherited by child processes, the agent has to be started as part of the initial startup so that the variable can be passed down to everything that needs it.

Especially given the current limitation that interactive actions have to occur in the original terminal, starting it that early isn't always feasible.

However, 'gpg-agent' has a '--use-standard-socket' option, which puts the socket at a fixed path, ~/.gnupg/S.gpg-agent, so clients can find it without an environment variable. I'll probably follow this model.

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None
