discuss-gnustep

Re: security in the distributed object system


From: Richard Frith-Macdonald
Subject: Re: security in the distributed object system
Date: Mon, 14 Apr 2003 07:05:08 +0100


On Monday, April 14, 2003, at 12:44  am, Derek Zhou wrote:

> Hi,
> If I understand correctly, GNUstep uses TCP for all distributed objects.
> So if I vend an object through DO, anybody that knows my protocol and
> can make a TCP connection to my machine can take over my object.

Anyone can use your object ... normally DO server objects provide
services you want to be public ...

> Sounds
> like a big remote exploit to me. Even if I reject all remote
> connections, there are still local exploits. Am I missing something here? I am
> sure people smarter than me have thought about it. So what should I do to
> secure my objects? The only way that I can think of is to set a delegate
> for the NSConnection and block every message except a "login" message.
> But then I need to worry about the exchange of confidentials. Seems not
> trivial to me.

1. You can design your server object to only respond to methods you
want to make public.

2. You can impose some sort of login mechanism as you suggest.

3. Your delegate can use the authenticationComponents:withData: and
authenticationDataForComponents: methods to authenticate (or even
handle encryption of) all the messages sent over the connection.

> Why not use Unix domain sockets instead? Ok, it is not distributed
> anymore

Yes that's the *BIG* reason.

> but at least it provides a simple way (file permission) to limit
> access to the server. I think a lot of people just want to do fancy
> secure IPC. How about providing both (TCP and Unix domain) so that
> everybody is happy?

There are plans to do that ... but since options 1 and 3 are so easy,
I don't think it's high priority (especially as the use of Unix domain
sockets is no protection against local attacks).
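
Option 3 above, sketched as an added example that is not part of the original message or of GNUstep's own code: an NSConnection delegate that signs every outgoing message and verifies every incoming one with HMAC-SHA256 under a pre-shared key. The selectors are the ones NSConnection's delegate API declares (`authenticateComponents:withData:` and `authenticationDataForComponents:`); the class name `DOAuthDelegate`, the helper `macForComponents:`, the use of OpenSSL for the HMAC and manual retain/release are assumptions.

```objc
#import <Foundation/Foundation.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>

/* DOAuthDelegate is a hypothetical name; key is a secret shared out of band. */
@interface DOAuthDelegate : NSObject { NSData *key; }
- (id) initWithKey: (NSData *)aKey;
@end

@implementation DOAuthDelegate
- (id) initWithKey: (NSData *)aKey
{
  if ((self = [super init]) != nil) key = [aKey copy];
  return self;
}
- (void) dealloc { [key release]; [super dealloc]; }

/* HMAC-SHA256 over the NSData components; NSPort components are skipped.
   Each chunk is length-prefixed so component boundaries cannot be shifted. */
- (NSData *) macForComponents: (NSArray *)components
{
  NSMutableData *buf = [NSMutableData data];
  unsigned char  mac[EVP_MAX_MD_SIZE];
  unsigned int   macLen = 0, len;
  NSUInteger     i;
  for (i = 0; i < [components count]; i++)
    {
      id c = [components objectAtIndex: i];
      if (![c isKindOfClass: [NSData class]]) continue;
      len = NSSwapHostIntToBig((unsigned int)[(NSData *)c length]);
      [buf appendBytes: &len length: sizeof(len)];
      [buf appendData: (NSData *)c];
    }
  if (HMAC(EVP_sha256(), [key bytes], (int)[key length],
           [buf bytes], [buf length], mac, &macLen) == NULL) return nil;
  return [NSData dataWithBytes: mac length: macLen];
}

/* Outgoing message: the returned data is sent along with the components. */
- (NSData *) authenticationDataForComponents: (NSArray *)components
{ return [self macForComponents: components]; }

/* Incoming message: returning NO reports an authentication failure. */
- (BOOL) authenticateComponents: (NSArray *)components withData: (NSData *)signature
{
  NSData *expected = [self macForComponents: components];
  if (expected == nil || [signature length] != [expected length]) return NO;
  return CRYPTO_memcmp([signature bytes], [expected bytes], [expected length]) == 0;
}
@end
```

Both ends install an instance with `setDelegate:` on their NSConnection. A MAC of this kind authenticates each message but does not stop a captured message from being replayed, and it does not hide the message contents.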
