[OpenIndiana-discuss] Python abstact socket and config printer applet.py
Bill Sommerfeld
sommerfeld at hamachi.org
Wed Dec 13 23:08:13 UTC 2023
On 12/13/23 15:03, Joshua M. Clulow via openindiana-discuss wrote:
> On Wed, 13 Dec 2023 at 09:24, Carsten Grzemba via openindiana-discuss
> <openindiana-discuss at openindiana.org> wrote:
>> A sock.bind with an normal string works, but not the style with the leading \0. This is the syntax for abstract sockets on Linux.
>> I have no idea if abstract sockets would work on Illumos and Python. But how should work the printer applet on non Linux systems?
>
> You will need to put the socket in a directory with the appropriate permissions.
>
> Note that any user on the system can connect() to a UNIX socket if
> they can see the directory entry for it, regardless of the permissions
> on the socket entry itself. If the socket server is not using
> getpeerucred(3C) or equivalent to inspect the credentials of the
> connecting process, you should put the socket in a directory owned by
> the user with mode 0700 to prevent connections from unauthorised
> processes.
A quick look at the applet.py code shows that it creates the bound
socket as a lock (to prevent multiple instances from running as the same
user) but never uses it for anything or passes it to anything outside
the "__main__" block.
So there's no need to prevent connections - the daemon will never call
sock.accept()
More information about the openindiana-discuss
mailing list