[Click] Question: Script "cat" handler considered dangerous?
Eddie Kohler
kohler at cs.ucla.edu
Tue Jun 17 13:27:12 EDT 2008
Hi Bart,
Bart Braem wrote:
> Hi Eddie,
>
> Could you give an example of where this might be useful? I think there
> is a large coupling between your system and your router if you need
> this, but perhaps I'm mistaken.
It's been useful for me in tests. See the
test/ethernet/ARPQuerier-03.testie test, for example.
> I personally think it's dangerous, as a ControlSocket has no
> authentication at all. For now that's not really a problem because of
> the limited capabilities of a router,
Ouch ouch ouch! I would NOT think that way! ControlSocket is meant for
debugging, and if you have access to ControlSocket you can, for example,
stop the router, which is a DoS attack at the least. You can make
ControlSocket safe in a couple ways; provide a PROXY, make it READONLY,
make it a Unix socket, use something I just checked in, the LOCALHOST
option.
Nevertheless, I've gone ahead and made the "cat" handler private.
Eddie
> but it would become more
> dangerous. We would have to be very careful not to write any code that
> might result in that script being called. Also in new elements...
>
> On the other hand, if one already runs Click as root, you should know
> the implied dangers.
>
> Regards,
> Bart
More information about the click
mailing list