Moving the agent's socket to /var/run ?
Daiki Ueno
ueno at gnu.org
Wed Feb 24 03:41:48 CET 2016
Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com>
writes:
> On 02/24/2016 12:15 AM, Bertrand Jacquin wrote:
>> Hi,
>>
>> What about using abstract sockets ?
>>
>> These sockets are the same as Unix sockets except that there's no
>> need for any filesystem access. The address may be whatever string
>> both sides agree upon. This can be really convenient for
>> inter-process communications. Also, there is no need to take care
>> about permissions. Technically it's like a Unix socket with a zero
>> in the first byte of the address.
>>
>> The abstract namespace was introduced with Linux. See man 7 unix.
>
> I'm asking because I'm not familiar with abstract sockets. OK, it's
> implemented in Linux, but is it portable? Is it POSIX? How would this
> work with socket forwarding over SSH for gpg-agent ?

In addition to portability, abstract sockets cannot take advantage of
file system based access control, and require client authentication (I
recall I got a CVE regarding this). I would rather not mess with it.

Regards,
--
Daiki Ueno