UNIX domain sockets [was Re: dce/rpc services]
Gerald Carter
gcarter at valinux.com
Wed Aug 23 01:17:11 GMT 2000
Elrond wrote:
>
> (don't know precisely about 445, it is netbios-less, or
> even smb-less? Or what? Luke? (No, I'm no expert in this
Netbiosless CIFS. Supported for TNG and Win2k.
> b) (with a in mind) Let's assume, I want to write a new
> dce/rpc-service. And I also have the client-app for nt4,
> so it will only talk dce/rpc over SMB. How do I add that
> thing to Samba (which is the one, listening on port
> 139)?
You either add the appropriate routines to Samba or you
bind to another interface.
> This does not mean, I'm against DCE/RPC over shared
> libraries, it simply says, I want DCE/RPC over unix-sockets
> _too_.
I understand your point. Luke makes a convincing argument
as well. However, at this point it looks like it is a futile
argument. I am in no position to make a plea for one or the
other as I am not able to articulate the pros and / or cons.
My understanding of Luke's implementation and how
it could (should) work is this...
* The UNIX domain socket is only available to
  root processes.
* The daemon should deal only in complete PDUs. Since
  the domain socket is only available to root processes,
  then any DoS attacks via partial PDUs must be initiated
  by root which at that point will be the least of your
  worries.
* the only operations necessary in the interface between
  the daemons and the smbd (transport agent) are
    - write PDU to the daemon
    - read PDU from socket
    - send credentials
    - get credentials
However, I should point out that other people
(besides Andrew) told Luke this was a bad idea
before he ever coded it up. As I said I cannot
articulate the reasons very well. Sorry.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
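
An added example, not part of the original post and not Samba's code: one way a daemon on a stream UNIX domain socket can pass on only complete PDUs, as the list in the message requires. It assumes the DCE/RPC connection-oriented common header (16 bytes, frag_length at offset 8); read_full, read_pdu, demo and PDU_MAX_LEN are hypothetical names and values, and the PDUs are constructed test input.

```c
#include <errno.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>
#define PDU_HDR_LEN 16    /* DCE/RPC connection-oriented common header */
#define PDU_MAX_LEN 4096  /* assumed cap for this sketch, not a Samba value */

/* Read exactly n bytes; -1 if the stream ends or fails before that. */
static int read_full(int fd, uint8_t *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;   /* error, or peer closed mid-PDU */
        got += (size_t)r;
    }
    return 0;
}

/* Return the length of one complete PDU now in buf, or -1 when the PDU is
 * truncated or its frag_length is out of bounds. Never returns a partial. */
int read_pdu(int fd, uint8_t *buf, size_t buflen)
{
    if (buflen < PDU_HDR_LEN || read_full(fd, buf, PDU_HDR_LEN) < 0) return -1;
    /* frag_length sits at offset 8; drep[0] bit 0x10 means little-endian */
    unsigned frag = (buf[4] & 0x10) ? (buf[8] | ((unsigned)buf[9] << 8))
                                    : (((unsigned)buf[8] << 8) | buf[9]);
    if (frag < PDU_HDR_LEN || frag > PDU_MAX_LEN || frag > buflen) return -1;
    if (read_full(fd, buf + PDU_HDR_LEN, frag - PDU_HDR_LEN) < 0) return -1;
    return (int)frag;
}

/* Constructed input: a PDU whose header claims `claimed` bytes, of which only
 * `sent` are written (in two pieces) before the sender closes. */
int demo(unsigned claimed, size_t sent)
{
    int sv[2], r;
    uint8_t pdu[64] = {5, 0, 0, 3, 0x10}, out[64];
    pdu[8] = claimed & 0xff; pdu[9] = (claimed >> 8) & 0xff;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    if (write(sv[1], pdu, sent / 2) < 0) return -2;
    if (write(sv[1], pdu + sent / 2, sent - sent / 2) < 0) return -2;
    close(sv[1]);
    r = read_pdu(sv[0], out, sizeof out);
    close(sv[0]);
    return r;
}
int main(void) { return demo(24, 24) == 24 && demo(24, 20) == -1 ? 0 : 1; }
```

The length bounds are checked before the body is read, so a header that claims less than its own size or more than the buffer is rejected without waiting for further data.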