On Wed, Jun 22, 2011 at 3:46 PM, Olav Vitters <o...@vitters.nl> wrote:
> On Wed, Jun 22, 2011 at 03:39:19PM -0400, Jasper St. Pierre wrote:
>> On Wed, Jun 22, 2011 at 3:27 PM, Olav Vitters <o...@vitters.nl> wrote:
>> > On Tue, Jun 21, 2011 at 07:12:53PM -0400, Jasper St. Pierre wrote:
>> >> As I played around with it, I found the HTTP approach more feasible
>> >> and less ugly than the mimetype handler approach. At first I figured
>> >> the idea of running a local HTTP server would be a bit ugly, and Owen
>> >> thought of some security concerns, but there's nothing too critical
>> >> (or unsolvable) that I know of. The only "ugly" thing from a code
>> >> perspective is that there's a magic port number: 16269. It's not on
>> >> the IANA Registered Ports list, so I doubt there's going to be a
>> >> collision.
>> >
>> > Won't that break down in two cases:
>> > 1. Proxy set in the browser
>> >    User/sysadmin has to explicitly exclude localhost from being proxied
>>
>> I'm unsure how or why localhost would be proxied. If it's some DNS
>> quirk would 127.0.0.1 get around it? If not, is this something we can
>> put in the sysadmin documentation?
>
> Why not? If you put in a proxy setting, everything is proxied, including
> localhost, 127.0.0.1, etc. The browser will just connect to the proxy
> machine (which is pretty handy btw).

Good to know.

> I don't know what the default for 'do not proxy for' is in the various
> browsers, but I know I make use of the fact that localhost is proxied.
>
>> > 2. Multiple users or sessions on the same machine
>> >    Only the first session can use it.
>>
>> My idea was that log-out would stop the HTTP daemon for that session
>> and open one for the current user. Unless there's a special case (I
>> didn't think of virt) where two users can be securely both actively
>> having GNOME sessions at the same time, I don't think this is a
>> problem. The only security issue I can think of that arises out of
>> this compromise is that a user could ssh in to the same machine and
>> frob the HTTP server to... install, enable/disable and list extensions
>> from the official GNOME3 site.
>
> That does not seem ideal. If I give someone access to my machine, I
> don't want them being able to change anything belonging to my account. I
> don't care if it is only official extensions. I just don't think it
> should be possible.

Er, sorry, the tone came off wrong there -- I agree that it's a serious
issue. Owen and I thought of another hack to deal with security,
though: We can inspect the port that it was connected from and scrape
/proc/net/tcp for the UID, and make sure it matches the one of the
current session.

>> I assume there's no magic way to tie a TCP socket to a user's session
>> (paging Dr. Lennart Poettering)
>
> --
> Regards,
> Olav
>

--
Jasper
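
The /proc/net/tcp lookup proposed in the reply above, sketched as an added example; it is not code from this thread or from GNOME Shell. The function names are hypothetical, the sample table is constructed, and it assumes an IPv4 loopback connection on a little-endian Linux host.

```python
import os

SERVER_PORT = 16269          # port named in the thread
LOOPBACK = "0100007F"        # 127.0.0.1 as printed on a little-endian host
ESTABLISHED = 0x01           # kernel TCP state code

# Constructed sample in /proc/net/tcp layout (UIDs and inodes are made up).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:3F8D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 0100007F:3F8D 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 0100007F:C350 0100007F:3F8D 01 00000000:00000000 00:00000000 00000000  1000        0 20003
   3: 0100007F:C351 0100007F:3F8D 01 00000000:00000000 00:00000000 00000000  1001        0 20004
"""

def parse_endpoint(field):
    """Split 'ADDR:PORT' (both hex) into (address hex string, port int)."""
    addr_hex, port_hex = field.split(":")
    return addr_hex, int(port_hex, 16)

def peer_uid(table_text, peer_port, server_port=SERVER_PORT):
    """UID owning the client end of a loopback connection, or None."""
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        local_addr, local_port = parse_endpoint(cols[1])
        rem_addr, rem_port = parse_endpoint(cols[2])
        # The client's socket has the peer port as its *local* port; the
        # server's own accepted socket is the mirror image and is skipped.
        if (local_addr == LOOPBACK and rem_addr == LOOPBACK
                and local_port == peer_port and rem_port == server_port
                and int(cols[3], 16) == ESTABLISHED):
            return int(cols[7])
    return None

def is_session_user(table_text, peer_port, session_uid):
    """Fail closed: an unknown peer is treated as a different user."""
    uid = peer_uid(table_text, peer_port)
    return uid is not None and uid == session_uid

def check_live(peer_port):
    """Same check against the running kernel, for the server's own UID."""
    with open("/proc/net/tcp") as f:
        return is_session_user(f.read(), peer_port, os.getuid())
```

The lookup is only meaningful while the connection is still open, and IPv6 loopback connections are listed in /proc/net/tcp6 instead.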