client <-> server interaction in C
gerard at linuxfromscratch.org
Tue Nov 22 10:57:42 PST 2005
> Authentication could be handled with a simple command line "--allow
> [insert IPs here]" like the distccd daemon does, or were you thinking
> 'command line parsing' to make sure a command like "rm /" doesn't do
> any actual damage... Both (in some form) would be prudent. ;-)
An --allow option doesn't prevent IP spoofing and things. I will admit
the chances of that happening are slim, but it's a bad enough risk to
have to guard against it.
A good security mechanism would be using SSL certificates, but those
aren't exactly nice to maintain and just add more complexity.
Basically what I think should be implemented at some time (can be in the
future as we don't need to worry about it now, but it's good to at
least have some idea where we're heading with it all) is a way to prove
to the server that you are authorized. Your IP address may not be
reliable, especially if you have a dynamic one (and restarting all your
alfs servers is a pain; I'd rather send a password à la ssh).
Command line parsing, like you mentioned, is something we should think
about too. Running "rm -r / usr/src/packagedir" is indeed a bad typo to
get stuck with. And I'm sure most of us have "been there, done that" at
least once in our lives.
There are other ways around that of course: don't do anything as root,
except the 'make install' phase and other installation related commands.
That way you at least guarantee you don't rm -r / by accident.
/* If Linux doesn't have the solution, you have the wrong problem */
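The command-line check discussed above, as an added example that is not part of the original message or of the ALFS code base: a small C guard that refuses an `rm` invocation whose recursive target resolves to the filesystem root, which is exactly what the "rm -r / usr/src/packagedir" typo turns into once the shell splits on the stray space. The function names (`is_dangerous_rm`, `is_root_path`, `split_args`) are hypothetical, the tokenizer does not handle quoting, and the sample command lines in `main` are constructed for illustration.

```c
/* Added example, not ALFS code. Reject "rm -r <something that is really />".
 * Helper names are hypothetical; the tokenizer deliberately ignores quoting. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 64

/* Split a command line on whitespace into argv, writing into buf.
 * Returns argc, or -1 if the line does not fit. No quote handling. */
static int split_args(const char *line, char *buf, size_t buflen,
                      char **argv, int max_args)
{
    size_t n = strlen(line);
    int argc = 0;
    char *p;

    if (n >= buflen)
        return -1;
    memcpy(buf, line, n + 1);
    for (p = buf; *p && argc < max_args; ) {
        while (*p && isspace((unsigned char)*p))
            p++;
        if (!*p)
            break;
        argv[argc++] = p;
        while (*p && !isspace((unsigned char)*p))
            p++;
        if (*p)
            *p++ = '\0';
    }
    return argc;
}

/* True if an absolute path normalises to "/": "/", "//", "/./", "/tmp/.."
 * and so on. Relative paths are never treated as root here. */
static int is_root_path(const char *path)
{
    const char *p = path;
    int depth = 0;

    if (path[0] != '/')
        return 0;
    while (*p) {
        const char *start;
        size_t len;

        while (*p == '/')
            p++;
        start = p;
        while (*p && *p != '/')
            p++;
        len = (size_t)(p - start);
        if (len == 0 || (len == 1 && start[0] == '.'))
            continue;                       /* empty or "." component */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth > 0)                  /* ".." never climbs above "/" */
                depth--;
            continue;
        }
        depth++;
    }
    return depth == 0;
}

/* Returns 1 if cmdline is rm with a recursive flag and an operand that
 * resolves to "/", 0 if it looks harmless, -1 if it could not be parsed. */
int is_dangerous_rm(const char *cmdline)
{
    char buf[1024];
    char *argv[MAX_ARGS];
    int argc = split_args(cmdline, buf, sizeof buf, argv, MAX_ARGS);
    const char *cmd;
    int i, recursive = 0, root_target = 0, end_of_opts = 0;

    if (argc <= 0)
        return -1;
    cmd = strrchr(argv[0], '/');            /* accept /bin/rm as well as rm */
    cmd = cmd ? cmd + 1 : argv[0];
    if (strcmp(cmd, "rm") != 0)
        return 0;
    for (i = 1; i < argc; i++) {
        const char *a = argv[i];

        if (!end_of_opts && strcmp(a, "--") == 0) {
            end_of_opts = 1;                /* everything after is an operand */
            continue;
        }
        if (!end_of_opts && a[0] == '-' && a[1] != '\0') {
            if (strcmp(a, "--recursive") == 0)
                recursive = 1;
            else if (a[1] != '-' && (strchr(a + 1, 'r') || strchr(a + 1, 'R')))
                recursive = 1;              /* bundled short flags: -rf, -Rf */
            continue;
        }
        if (is_root_path(a))
            root_target = 1;
    }
    return recursive && root_target;
}

int main(void)
{
    /* Constructed sample lines, including the typo from the discussion. */
    const char *samples[] = { "rm -r / usr/src/packagedir",
                              "rm -r /usr/src/packagedir",
                              "/bin/rm -rf /tmp/.." };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> %s\n", samples[i],
               is_dangerous_rm(samples[i]) == 1 ? "REFUSED" : "ok");
    return 0;
}
```

A server that executes client-supplied commands would run such a check before `fork`/`exec`; it is only a guard against the specific typo class, not a substitute for running the build as an unprivileged user as the message suggests.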