On Thu Mar 13, 2014 at 14:46:37 +0100, Ulric Eriksson wrote:
> The control socket and the configuration file use the exact same
> syntax by design.

I see that is currently the case, yes.

> If it is impossible or impractical to limit
> access to the socket, the same level of control over a running Pen
> can be accomplished from localhost by editing the config and an
> old-fashioned HUP.

While this is true, and people are free to run things as they wish, I've been assuming a root-owned configuration file & init script. So an unprivileged local user wouldn't be able to either reload or edit the config.

> A password would imply that the protocol is safe, which it
> obviously isn't - it is plain text over tcp.

I don't see the connection there. You might express it in reverse: "Because the control socket allows 'unsafe things', a password proves you have a legitimate reason to talk to/with it."

> A Unix-domain control socket is a trivial change which wouldn't
> break anything but allow much more fine-grained control over who
> has access from localhost. A brilliant idea which I congratulate
> myself on.

Actually that didn't occur to me, but as you say it is a lovely solution. Root could start the daemon with the socket having mode 600, and local users wouldn't be able to do bad things with it; similarly a local user could have ~/.pen.sock and they'd be safe against other local users - but not root, of course.

Use a domain socket and I think things become much tighter.

Great idea!

Steve
-- 
Let me steal your soul? http://stolen-souls.com
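The design sketched in the message above, a control socket that is a Unix-domain socket created with mode 600 so only the owner (root, or the user running the daemon) can talk to it, as an added example. This is not Pen's code and not code from either poster; it is a stand-alone Python sketch with hypothetical function names (`create_control_socket`, `serve_one_command`, `demo`), and it assumes Linux for the `SO_PEERCRED` peer-credential check, falling back to filesystem permissions alone where that option does not exist. The restrictive umask is set before `bind()` so there is no window in which the socket file exists world-accessible before a later `chmod`.

```python
import os
import socket
import stat
import struct
import tempfile
import threading


def create_control_socket(path, mode=0o600):
    """Create a listening Unix-domain socket whose file is only
    accessible to the owner. The umask is applied before bind() so the
    socket never exists with looser permissions, even briefly."""
    try:
        os.unlink(path)          # remove a stale socket from a previous run
    except FileNotFoundError:
        pass
    old_umask = os.umask(0o777 & ~mode)   # 0o600 -> umask 0o177
    try:
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)         # belt and braces; umask already did this
    listener.listen(1)
    return listener


def socket_mode(path):
    """Permission bits of the socket file, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def peer_uid(conn):
    """UID of the connecting process via SO_PEERCRED (Linux), or None
    where the platform does not provide peer credentials."""
    opt = getattr(socket, "SO_PEERCRED", None)
    if opt is None:
        return None
    # Linux struct ucred { pid_t pid; uid_t uid; gid_t gid; }
    raw = conn.getsockopt(socket.SOL_SOCKET, opt, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid


def serve_one_command(listener, allowed_uids):
    """Accept one client, check its UID against allowed_uids (when the
    kernel can tell us), then echo an acknowledgement for the command.
    Returns ("ok", command) or ("denied", uid)."""
    conn, _ = listener.accept()
    with conn:
        uid = peer_uid(conn)
        if uid is not None and uid not in allowed_uids:
            conn.sendall(b"denied\n")
            return ("denied", uid)
        command = conn.recv(1024).decode("ascii", "replace").strip()
        conn.sendall(b"ok\n")
        return ("ok", command)


def demo(allowed=None):
    """Round trip: start the control socket in a temp dir, connect as a
    client, send a constructed command, and report the socket mode,
    the server's decision and the client's reply."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "pen.sock")
    allowed = {os.getuid()} if allowed is None else allowed
    listener = create_control_socket(path)
    result = {"mode": socket_mode(path)}

    def server():
        result["served"] = serve_one_command(listener, allowed)

    thread = threading.Thread(target=server)
    thread.start()
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)
    client.sendall(b"status\n")          # constructed sample command
    result["reply"] = client.recv(16)
    client.close()
    thread.join()
    listener.close()
    os.unlink(path)
    os.rmdir(tmpdir)
    return result


if __name__ == "__main__":
    print(demo())
```

The mode check is what protects against other local users; the peer-credential check is an extra, cheap layer that still works if an administrator later loosens the file mode, and it is the hook where a per-user socket (the `~/.pen.sock` case above) would compare the caller against the owning user.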

