[OTR-users] Pretty-please standardize OTR signature storage, per OS.
Tamme Schichler
tammeschichler at googlemail.com
Tue Sep 10 20:28:09 EDT 2013
On 11.09.2013 01:03, Daniel Kahn Gillmor wrote:
> On 09/10/2013 06:50 PM, Tamme Schichler wrote:
>> I just looked at alternatives and it seems that named pipes can have
>> security settings that allow only a certain user to access them. They
>> should otherwise work like a loopback socket, just with a different
>> (better) namespace. I never used them before, so I didn't know about
>> this possibility.
>
> we're talking here about a server process that needs to mediate
> concurrent access with multiple clients. I don't think named pipes are
> the answer. if you're using a unix-domain socket on a modern OS, you
> should be able to use the SO_PEERCRED sockopt to determine (and limit)
> the identity of the connecting peer.
>
> --dkg
>
Named pipes on Windows are the closest equivalent to unix domain sockets
that's available and have the exact security feature that's needed. (see
the last paragraph here:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365600%28v=vs.85%29.aspx
)
Using SO_PEERCRED sounds like a good idea, in case the file system
permissions don't already cover this. The socket location needs to
change between users to avoid collisions anyway, so I think giving it
the same file permissions as the actual database would give as much
security as effective. (I could be mistaken here, as I said before I
don't know that much Unix.)
(I accidentally didn't send this to the list the first time.
-Tamme)
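
The two controls discussed in this thread, shown together as an added example that is not part of the original message or of any OTR code: a unix-domain socket created owner-only inside a private directory, plus an SO_PEERCRED check on each accepted connection. It assumes Linux (where SO_PEERCRED returns a `struct ucred`); the socket name `keystore.sock` and all function names are hypothetical.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded for the connecting peer."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def make_listener(path):
    """Bind a unix-domain socket whose file is owner-only (0600)."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # the socket file's mode is fixed at bind() time
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(8)
    return srv


def accept_if_uid(srv, allowed_uid):
    """Accept one connection; drop it unless the peer runs as allowed_uid."""
    conn, _ = srv.accept()
    _pid, uid, _gid = peer_credentials(conn)
    if uid != allowed_uid:
        conn.close()
        return None
    return conn


def demo():
    """Connect to our own listener twice: once allowed, once refused."""
    results = {}
    me = os.geteuid()
    with tempfile.TemporaryDirectory() as private_dir:  # created with mode 0700
        path = os.path.join(private_dir, "keystore.sock")  # hypothetical name
        with make_listener(path) as srv:
            results["mode"] = os.stat(path).st_mode & 0o777
            for label, allowed in (("same_user", me), ("other_user", me + 1)):
                with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
                    client.connect(path)
                    conn = accept_if_uid(srv, allowed)
                    results[label] = conn is not None
                    if conn:
                        conn.close()
    return results
```

The credentials come from the kernel rather than from anything the client sends, so the check still holds if the file permissions on the socket path are ever loosened by mistake.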