[bind10-dev] control channels

Francis Dupont fdupont at isc.org
Thu Apr 7 10:10:31 UTC 2011


Control channels (aka libcc) rely on a local (aka PF_UNIX) socket.
IMHO this is mainly because this implies local communications only,
so no "remote" security issue.

I had exactly the same issue for AFTR but I solved it in a more open way:
AFTR supports control channels over a PF_UNIX stream socket, a TCP/IP
(both v4 and v6) socket, and can inherit the stdin/out/err in debug
mode. The security is handled by binding TCP/IP service sockets to
127.0.0.1 or ::1, so communications are restricted to be local too.

I suggest the same design for lib/cc, i.e., use more than asio::local.
As it is critical for Windows support, IMHO this should get a high
priority. BTW it is pretty easy to do; the main issue is to choose
a port number (I use 1015, i.e., 0x0a0f, for AFTR. The fact that it is
privileged is not a feature; the AFTR daemon must be run as root
for other reasons).

Regards

Francis Dupont <fdupont at isc.org>
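As an added example (not code from this message, nor from BIND 10 or AFTR), a Python sketch of the loopback-only control channel design described above: a PF_UNIX listener plus TCP listeners that refuse any bind address other than 127.0.0.1 or ::1, and a peer check on accepted connections. The socket path, the use of port 0 (OS-chosen port) and the function names are assumptions made for the example.

```python
import ipaddress
import os
import socket
import tempfile

def require_loopback(host):
    """Refuse any bind address that is not loopback (e.g. 0.0.0.0 or ::)."""
    addr = ipaddress.ip_address(host)
    if not addr.is_loopback:
        raise ValueError(f"control channel must bind to loopback, got {host}")
    return addr

def listen_tcp_local(host, port=0):
    """TCP listener on a loopback address only; port 0 lets the OS pick a free port."""
    addr = require_loopback(host)
    family = socket.AF_INET6 if addr.version == 6 else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    if family == socket.AF_INET6:  # keep ::1 from also answering IPv4-mapped peers
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
    sock.bind((host, port))
    sock.listen(5)
    return sock

def listen_unix_local(path=os.path.join(tempfile.gettempdir(), "cc-example.sock")):
    """PF_UNIX listener (path is a constructed example); file mode adds a per-user check."""
    if os.path.exists(path):
        os.unlink(path)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path)
    os.chmod(path, 0o600)  # only the daemon's own user may connect
    sock.listen(5)
    return sock

def peer_is_local(conn):
    """Defense in depth: an accepted TCP peer must itself be a loopback address."""
    if conn.family == socket.AF_UNIX:
        return True
    return ipaddress.ip_address(conn.getpeername()[0]).is_loopback

def local_roundtrip(listener):
    """Connect a client to a TCP listener, accept it and check the peer is local."""
    client = socket.create_connection(listener.getsockname()[:2])
    conn, _ = listener.accept()
    ok = peer_is_local(conn)
    conn.close()
    client.close()
    return ok
```

A fixed port such as the 1015 mentioned above would be passed as `port`. Note that binding to loopback only restricts the network origin of connections: any local user can reach the TCP port, whereas the 0600 PF_UNIX socket is limited to the daemon's own user.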


