UNIX domain sockets [was Re: dce/rpc services]

Gerald Carter gcarter at valinux.com
Wed Aug 23 01:17:11 GMT 2000


Elrond wrote:
> 
> (don't know precisely about 445, it is netbios-less, or
> even smb-less? Or what? Luke? (No, I'm no expert in this

Netbiosless CIFS.  Supported for TNG and Win2k.


> b) (with a in mind) Let's assume, I want to write a new
>    dce/rpc-service. And I also have the client-app for nt4,
>    so it will only talk dce/rpc over SMB. How do I add that
>    thing to Samba (which is the one, listening on port
>    139)?

You either add the appropriate routines to Samba or you
bind to another interface.


> This does not mean, I'm against DCE/RPC over shared
> libraries, it simply says, I want DCE/RPC over unix-sockets
> _too_.

I understand your point.  Luke makes a convincing argument
as well.  However, at this point it looks like it is a futile
argument.  I am in no position to make a plea for one or the 
other as I am not able to articulate the pros and / or cons.

My understanding of Luke's implementation and how 
it could (should) work is this...

  * The UNIX domain socket is only available to 
    root processes.
  * The daemon should deal only in complete PDUs.  Since 
    the domain socket is only available to root processes,
    then any DoS attacks via partial PDUs must be initiated 
    by root which at that point will be the least of your 
    worries.
  * The only operations necessary in the interface between
    the daemons and the smbd (transport agent) are
    - write PDU to the daemon
    - read PDU from socket
    - send credentials
    - get credentials

However, I should point out that other people 
(besides Andrew) told Luke this was a bad idea 
before he ever coded it up.  As I said I cannot 
articulate the reasons very well.  Sorry.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
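
Added example (not part of the original message, and not Samba or TNG code): one way a daemon can hold to the "complete PDUs only" rule from the list above when reading from a stream socket, rejecting a truncated or oversized PDU instead of acting on it. It assumes PDUs travel on the socket with the standard 16-byte connection-oriented DCE/RPC header; read_full, read_pdu and PDU_MAX_LEN are hypothetical names.

```c
/* Added example: whole-PDU reads on a stream socket (hypothetical names). */
#include <errno.h>
#include <stdint.h>
#include <sys/types.h>
#include <unistd.h>

#define PDU_HDR_LEN 16     /* connection-oriented DCE/RPC common header */
#define PDU_MAX_LEN 4096   /* assumption: local cap, not a Samba constant */

/* Read exactly n bytes: 0 on success, -1 on error or EOF before n bytes. */
static int read_full(int fd, uint8_t *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            continue;              /* interrupted by a signal, retry */
        if (r <= 0)
            return -1;             /* error, or peer closed mid-PDU */
        got += (size_t)r;
    }
    return 0;
}

/* Read one whole PDU into buf. Returns its length, or -1 when the stream
 * ends early or frag_length is below the header size or above the caps. */
int read_pdu(int fd, uint8_t *buf, size_t cap)
{
    size_t frag_len;

    if (cap < PDU_HDR_LEN || read_full(fd, buf, PDU_HDR_LEN) < 0)
        return -1;
    /* frag_length is bytes 8-9; drep byte 4 with 0x10 set = little-endian */
    if (buf[4] & 0x10)
        frag_len = (size_t)buf[8] | ((size_t)buf[9] << 8);
    else
        frag_len = ((size_t)buf[8] << 8) | (size_t)buf[9];
    if (frag_len < PDU_HDR_LEN || frag_len > cap || frag_len > PDU_MAX_LEN)
        return -1;                 /* reject before reading the body */
    if (read_full(fd, buf + PDU_HDR_LEN, frag_len - PDU_HDR_LEN) < 0)
        return -1;
    return (int)frag_len;
}
```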





