On Thu, Jun 02, 2016 at 07:47:33PM -0700, Ansis Atteka wrote:
> Before this patch OVS refused to connect to a local controller that
> had its Unix Domain Socket outside Open vSwitch run directory (e.g.
> outside '/var/run/openvswitch/').
>
> After this patch this restriction imposed by Open vSwitch itself is
> abandoned and OVS should be able to connect to controller's Unix Domain
> Sockets anywhere under filesystem.

When I run "netstat -lnx" on my laptop, I see a bunch of listening Unix domain sockets. Some of these listening sockets are security sensitive, such as SSH agents, so it wouldn't be good to have a remote manager be able to point OVS to them: what if a clever person could figure out how to send arbitrary data to them (maybe in a packet-in message somehow?) via OpenFlow. Other examples are dbus and udev sockets. That's my main worry here.
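
The restriction discussed in this thread, confining a remotely configured Unix domain socket target to one run directory, can be sketched as a path check. This is an added example, not Open vSwitch code and not part of the original message; `is_beneath` and `socket_path_allowed` are hypothetical names, and the paths in `main` are constructed samples.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700               /* for realpath() */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if canonical path p equals canonical directory base or lies beneath it. */
static int is_beneath(const char *base, const char *p)
{
    size_t n = strlen(base);
    if (n > 1 && base[n - 1] == '/') n--;       /* ignore a trailing slash */
    if (strncmp(base, p, n) != 0) return 0;
    /* Require a component boundary, so that "/var/run/openvswitch" does
     * not also admit "/var/run/openvswitch-evil". */
    return p[n] == '\0' || p[n] == '/' || (n == 1 && base[0] == '/');
}

/* Hypothetical check: 1 only if socket_path exists and, once "..", "." and
 * symlinks are resolved, names something strictly inside rundir. */
int socket_path_allowed(const char *rundir, const char *socket_path)
{
    char run[PATH_MAX], target[PATH_MAX];

    if (!realpath(rundir, run) || !realpath(socket_path, target)) return 0;
    return strcmp(run, target) != 0 && is_beneath(run, target);
}

int main(void)
{
    /* Constructed sample targets, as a remote manager might supply them. */
    const char *rundir = "/var/run/openvswitch";
    const char *targets[] = {
        "/var/run/openvswitch/br0.controller",
        "/var/run/openvswitch/../dbus/system_bus_socket",
        "/tmp/ssh-XXXXXX/agent.1234",
    };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("%-50s %s\n", targets[i],
               socket_path_allowed(rundir, targets[i]) ? "allow" : "refuse");
    return 0;
}
```

The check is only as strong as the permissions on the run directory, since anyone who can create symlinks or sockets inside it can satisfy it, and the path can still change between the check and the later connect().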