[OpenIndiana-discuss] Python abstact socket and config printer applet.py

Bill Sommerfeld sommerfeld at hamachi.org
Wed Dec 13 23:08:13 UTC 2023


On 12/13/23 15:03, Joshua M. Clulow via openindiana-discuss wrote:
> On Wed, 13 Dec 2023 at 09:24, Carsten Grzemba via openindiana-discuss
> <openindiana-discuss at openindiana.org> wrote:
>> A sock.bind with an normal string works, but not the style with the leading \0. This is the syntax for abstract sockets on Linux.
>> I have no idea if abstract sockets would work on Illumos and Python. But how should work the printer applet on non Linux systems?
> 
> You will need to put the socket in a directory with the appropriate permissions.
> 
> Note that any user on the system can connect() to a UNIX socket if
> they can see the directory entry for it, regardless of the permissions
> on the socket entry itself.  If the socket server is not using
> getpeerucred(3C) or equivalent to inspect the credentials of the
> connecting process, you should put the socket in a directory owned by
> the user with mode 0700 to prevent connections from unauthorised
> processes.

A quick look at the applet.py code shows that it creates the bound 
socket as a lock (to prevent multiple instances from running as the same 
user) but never uses it for anything or passes it to anything outside 
the "__main__" block.

So there's no need to prevent connections - the daemon will never call 
sock.accept()




More information about the openindiana-discuss mailing list