Hi Dave,
----- Original Message -----
> On 08/07/2013 10:30 PM, Nathan Scott wrote:
> > ... so we appear to be no longer enforcing the host-based access control
> > for unix domain socket connections. I think we need to do that, in the
> > same way we did for "-h localhost", but it's worth discussing more widely
> > as others may not think so (can we control local pmcd over-subscription
> > without this?).
> I'm not surprised to see this. I recall asking on IRC whether we needed
> to do this, but the response was something along the lines that
> equivalent access control would somehow be provided via the
> authentication protocol. Perhaps I did not ask the question clearly
> enough at the time.
I completely missed the significance of your question/comment back
there, sorry.
> So, as a result, there has been no effort made to provide host based
> access controls for the unix domain socket.
> >
> > Digging into the code a bit, looks like we avoid having the same access
> > rules as apply to localhost because __pmSockAddrIsLoopBack returns false
> > for af_unix sockets. Call chain there from pmcd to libpcp is:
> > __pmAccAddClient -> getClientIds -> __pmSockAddrIsLoopBack ... which is
> > gonna send us down a different path to the /* Map "localhost" to the real
> > IP addresses. */ path we would've travelled before.
> This special handling of localhost has also been questioned in
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=982, so we should keep this
> in mind when discussing this issue.
Yep, that little chestnut is gonna need some attention soon. I think
treating localhost and unix: in the same way wrt hostname will be the
best bet though (whatever way that ends up being, they should both do
the same thing, IOW - I think).
> The name __pmSockAddrIsLoopBack() is pretty specific in what it claims
> to identify. Unless changing the name is still ok, we would probably
> need a new function to use in conjunction with it. Something like
> __pmAddrIsLocal(), although the term local seems to be becoming more and
> more overloaded.
Yeah :( New API seems the way to go, possibly calling the old API and
adding unix domain goodies/extras in the new one too.
> Because we now use the __pm*() API to manipulate addresses using the
> __pmSockAddr type, with a little additional parsing, it should be
> relatively easy to support "local:[//][PATH]" and "unix:[//][PATH]" as
> host access specifiers in the same way as we support hostnames, inet and
> ipv6 addresses. These would also be covered by the '*' wildcard. We
> should probably also support some sort of specific wildcarding for these
> along the lines of "local:[//]*" and "local:[//]partial/path/*". The same
> would apply for "unix:".
*nod* - all sounds good to me.
cheers.
--
Nathan
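As an added illustration of the "local:[//][PATH]" and "unix:[//][PATH]" access specifiers proposed above (example code written for this page, not code from the thread or from libpcp/pmcd), the C below parses one specifier and matches it against the socket path of a connected unix-domain client. The type and function names (access_spec_t, parse_access_spec, access_spec_matches, spec_allows), the treatment of "local:" and "unix:" as equivalent for matching, the rule that an empty path means "any unix-domain client", and the trailing-'*'-only wildcard are all assumptions made for the example; the sample specs in main() are constructed, not taken from any real configuration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example: parse "local:[//][PATH]" / "unix:[//][PATH]" access-control
 * specifiers and match them against a unix-domain client's socket path.
 * Names and semantics here are assumptions for illustration, not libpcp code. */

typedef enum {
    SPEC_INVALID = 0,
    SPEC_ANY,       /* bare "*": matches every client, local or remote */
    SPEC_LOCAL,     /* "local:": unix-domain client, path rules below */
    SPEC_UNIX       /* "unix:":  unix-domain client, path rules below */
} spec_kind_t;

typedef struct {
    spec_kind_t kind;
    bool        prefix;      /* spec ended in '*': path is a prefix pattern */
    char        path[256];   /* socket path (or prefix); empty = any path */
} access_spec_t;

/* Parse one specifier. The optional "//" is stripped, so
 * "unix:///var/run/pmcd.socket" and "unix:/var/run/pmcd.socket" mean the same.
 * A single trailing '*' makes the remainder a prefix ("local://partial/path/*").
 * Hostnames and inet/ipv6 addresses are not handled here; they are reported as
 * SPEC_INVALID so a caller can fall through to the existing matchers. */
bool parse_access_spec(const char *spec, access_spec_t *out)
{
    const char *p;
    size_t n;

    memset(out, 0, sizeof(*out));            /* kind = SPEC_INVALID */
    if (strcmp(spec, "*") == 0) {
        out->kind = SPEC_ANY;
        out->prefix = true;
        return true;
    }
    if (strncmp(spec, "local:", 6) == 0) {
        out->kind = SPEC_LOCAL;
        p = spec + 6;
    } else if (strncmp(spec, "unix:", 5) == 0) {
        out->kind = SPEC_UNIX;
        p = spec + 5;
    } else {
        return false;
    }
    if (strncmp(p, "//", 2) == 0)
        p += 2;
    n = strlen(p);
    if (n > 0 && p[n - 1] == '*') {
        out->prefix = true;
        n--;
    }
    /* wildcard only allowed as the final character: reject "unix:/a*b" */
    if (memchr(p, '*', n) != NULL || n >= sizeof(out->path)) {
        out->kind = SPEC_INVALID;
        return false;
    }
    memcpy(out->path, p, n);
    out->path[n] = '\0';
    return true;
}

/* Does a client connected via unix-domain socket `client_path` match `spec`?
 * Assumption: an empty path ("local:" / "unix:") means any unix-domain client. */
bool access_spec_matches(const access_spec_t *spec, const char *client_path)
{
    switch (spec->kind) {
    case SPEC_ANY:
        return true;
    case SPEC_LOCAL:
    case SPEC_UNIX:
        break;
    default:
        return false;
    }
    if (spec->path[0] == '\0')
        return true;
    if (spec->prefix)
        return strncmp(spec->path, client_path, strlen(spec->path)) == 0;
    return strcmp(spec->path, client_path) == 0;
}

/* One-shot helper: parse then match; an unparsable spec never matches. */
bool spec_allows(const char *spec, const char *client_path)
{
    access_spec_t s;
    if (!parse_access_spec(spec, &s))
        return false;
    return access_spec_matches(&s, client_path);
}

int main(void)
{
    /* Constructed sample specs and client path, not from any real pmcd config. */
    const char *specs[] = { "unix:///var/run/pmcd.socket", "local://run/pcp/*",
                            "local:", "*", "192.0.2.0/24", "unix:/a*b" };
    const char *client = "/var/run/pmcd.socket";
    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++)
        printf("%-30s -> %s\n", specs[i],
               spec_allows(specs[i], client) ? "match" : "no match");
    return 0;
}
```

The parser deliberately refuses an embedded '*' and anything that is not a "local:"/"unix:" specifier, so a malformed entry fails closed rather than silently matching every client; that is the property worth preserving if these specifiers are wired into the existing hostname/inet/ipv6 access-control list.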