client <-> server interaction in C

Gerard Beekmans gerard at linuxfromscratch.org
Tue Nov 22 10:57:42 PST 2005


> Authentication could be handled with a simple command line "--allow 
> [insert IPs here]" like the distccd daemon does, or were you thinking 
> 'command line parsing' to make sure a command like  "rm /" doesn't do 
> any actual damage... Both (in some form) would be prudent. ;-)

An --allow option doesn't prevent IP spoofing and things. I will admit 
the chances of that happening are slim, but it's a bad enough risk to 
have to guard against it.

A good security mechanism would be using SSL certificates but those 
aren't exactly nice to maintain and just adds more complexity.

Basically what I think should be implemented at some time (can be in the 
  future as we don't need to worry about it now but it's good to at 
least have some idea where we're heading with it all) is a way to proof 
to the server that you are authorized. Your IP address may not be 
reliable especially if you have a dynamic one (and restarting all your 
alfs servers is a pain. I rather send a password ala ssh style).

Command line parsing, like you mentioned, is something we should think 
about too. Running "rm -r / usr/src/packagedir" is indeed a bad typo to 
get stuck with. And I'm sure most of us have "been there, done that" at 
least once in our life.

There are other ways around that of course: don't do anything as root, 
except the 'make install' phase and other installation related commands. 
That way you at least guarantee you don't rm -r / by accident.

-- 
Gerard Beekmans

/* If Linux doesn't have the solution, you have the wrong problem */




More information about the alfs-discuss mailing list