mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-03-16 12:03:03 -05:00

This is a Linux-specific trick that I'm quite fond of: I've used it before in 'agedu' and a lot of my unpublished personal scriptery.

Suppose you want to run a listening network server in such a way that it can only accept connections from processes under your own control. Often it's not convenient to do this by adding an authentication step to the protocol itself (either because the password management gets hairy or because the protocol is already well defined). The 'right' answer is to switch from TCP to Unix-domain sockets, because then you can use the file permissions on the path leading to the socket inode to ensure that no other user id can connect to it - but that's often inconvenient as well, because if any _client_ of the server is not already prepared to speak AF_UNIX then you can only trick it into connecting to an AF_UNIX socket instead of TCP by applying a downstream patch or resorting to LD_PRELOAD shenanigans.

But on Linux, there's an alternative shenanigan available, in the form of /proc/net/tcp (or tcp6), which lists every currently active TCP endpoint known to the kernel, and for each one, lists an owning uid. Listen on localhost only. Then, when a connection comes in, look up the far end of it in that file and see if the owning uid is the right one!

I've always vaguely wondered if there would be uses for this trick in PuTTY. One potentially useful one might be to protect the listening sockets created by local-to-remote port forwarding. But for the moment, I'm only planning to use it for a less security-critical purpose, which will appear in the next commit.
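The lookup the commit message describes, written out as an added example in Python; this is not PuTTY's code and does not reproduce how PuTTY implements it. It assumes the Linux /proc/net/tcp and /proc/net/tcp6 text layout (hex addresses printed one 32-bit word at a time in host byte order, a hex port, a hex state column, and the uid as the eighth whitespace-separated field). The two tables embedded below are constructed samples as a little-endian host would print them, not captures from a real machine; the function and type names (`peer_uid`, `connection_is_ours`, `TcpEntry`) are this example's own.

```python
"""Find the uid owning the far end of a loopback TCP connection via /proc/net/tcp.

Added example (not PuTTY's code). Assumes Linux and the /proc/net/tcp{,6}
text layout; the sample tables below are constructed, not captured.
"""
import os
import sys
from dataclasses import dataclass
from ipaddress import ip_address

TCP_ESTABLISHED = 0x01  # value of the 'st' column for an established socket

# Constructed /proc/net/tcp sample as a little-endian host prints it:
# 127.0.0.1 appears as 0100007F, ports are plain hex (1F90 = 8080).
# Row 0 is our listener (state 0A = LISTEN); rows 1-2 are established clients
# owned by uid 1000 and uid 0; row 3 is a stale TIME_WAIT (06) entry.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:C351 0100007F:1F90 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 20 4 30 10 -1
   3: 0100007F:C352 0100007F:1F90 06 00000000:00000000 00:00000000 00000000     0        0 0 3 0000000000000000
"""

# Constructed /proc/net/tcp6 sample: an IPv4-mapped client (::ffff:127.0.0.1)
# talking to a dual-stack listener on port 8080. Each 32-bit word is reversed.
SAMPLE_PROC_NET_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00000100007F:C353 0000000000000000FFFF00000100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 20 4 30 10 -1
"""


@dataclass(frozen=True)
class TcpEntry:
    local_ip: object      # ipaddress.IPv4Address or IPv6Address
    local_port: int
    remote_ip: object
    remote_port: int
    state: int
    uid: int


def _decode_addr(hex_addr):
    """Turn the kernel's hex address column back into an ip_address object.

    The kernel prints each 32-bit word in host byte order, so on a
    little-endian host every 4-byte word must be byte-reversed first.
    4 bytes means IPv4 (/proc/net/tcp), 16 bytes IPv6 (/proc/net/tcp6).
    """
    raw = bytes.fromhex(hex_addr)
    if sys.byteorder == "little":
        raw = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ip_address(raw)


def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp or /proc/net/tcp6 into TcpEntry objects."""
    entries = []
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 8:
            continue
        lip, lport = fields[1].split(":")
        rip, rport = fields[2].split(":")
        entries.append(TcpEntry(
            _decode_addr(lip), int(lport, 16),
            _decode_addr(rip), int(rport, 16),
            int(fields[3], 16), int(fields[7])))
    return entries


def peer_uid(peer_ip, peer_port, table_text=None):
    """Return the uid owning the ESTABLISHED socket whose *local* end is
    peer_ip:peer_port, i.e. the client side of a connection we just accepted.

    Returns None if no such socket is listed (remote host, LISTEN or
    TIME_WAIT entries, etc.). With table_text=None the live /proc file is
    read, which only works on Linux.
    """
    peer = ip_address(peer_ip)
    if table_text is None:
        path = "/proc/net/tcp6" if peer.version == 6 else "/proc/net/tcp"
        with open(path) as f:
            table_text = f.read()
    for e in parse_proc_net_tcp(table_text):
        if (e.state == TCP_ESTABLISHED
                and e.local_ip == peer and e.local_port == peer_port):
            return e.uid
    return None


def connection_is_ours(conn, table_text=None):
    """True if the accepted socket `conn` was opened by a process with our uid.

    Only meaningful for a loopback listener: a remote client has no entry
    in the local table, so the lookup fails closed and this returns False.
    """
    ip, port = conn.getpeername()[:2]
    return peer_uid(ip, port, table_text) == os.getuid()
```

Two things a practitioner would check before relying on this: the match is on the client's local address and port with the state restricted to ESTABLISHED, so a leftover TIME_WAIT row for a reused port is not mistaken for the live connection, and a lookup that finds nothing is treated as a rejection rather than a pass. The check should be done right after `accept()`, while the kernel still lists the peer's socket; and because the listener must be bound to localhost for the far end to appear in the table at all, an IPv6 dual-stack listener sees IPv4 clients as `::ffff:` mapped addresses and must consult /proc/net/tcp6, which the code above handles by choosing the file from the peer address family.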