Re: Unix-domain sockets - abstract addresses

From: kuznet@ms2.inr.ac.ru
Date: Fri Aug 09 2002 - 11:15:56 EST


Hello!

> Why is the address not generated for 'security & compatibility' reasons?

Compatibility: traditional unix domain sockets are not autobound.
So request for binding must be explicit. SO_RECVCRED, being not present
in traditional api, is consifered as such request, at least it indicates
that you are going to receive something.

Security: interlopers are not able to send to socket which has no address,
except for case when peering was established explicitly f.e. with socketpair().
Actually, (almost) simultaneously with possibility to autobind another
check was added which relieves this security issue: namely, if socket
A is connected to B, we reject all the sends to A from anywhere except for B.
However the problem remains f.e. for the case when socket A was disconnected
due to temporary shutdown of B.

> PF_INET/SOCK_DGRAM. From an interface point of view, they are very similar

The difference is that UDP does not provide any kind of security at all.
Unix domain sockets do and used exactly in circumstances when it is important.

> However, there is still an inconsistency.

Yes. I am not sure, what is right. Most likely, my patchlet was wrong.
Need to compare with another OSes.

Alexey

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Aug 15 2002 - 22:00:19 EST