[ZODB-Dev] ZEO signal feature

Christian Reis kiko@async.com.br
Thu, 26 Sep 2002 09:47:01 -0300


On Thu, Sep 26, 2002 at 10:09:01AM +0100, Toby Dickenson wrote:
> > If your machines haven't been root-hacked, these are reasonable
> > expectations.
> 
> This attack definitely doesn't need root access.
> 
> Any local user can try to create a socket listening on the same port as your 
> zeo server, or stunnel. Of course this attempt will fail if your *real* zeo 
> or stunnel process is already listening..... so the attacker has to wait 
> until either of these services is down.

If you want to avoid this, just run zeo and stunnel in the
root-privileged port range. Even if they go down, you need root to be
able to start anything in them. How would this be avoided otherwise?

> (assuming your ZEO server is not listening on a low numbered port anyway)

Right, which is a good idea if you want to avoid this. Any server
running on a high port presents this problem :-)

> > Yes, a
> > simple CHAP can be easily implemented, as soon as this is working in
> > basic, we'll turn to using it, since a simple crypt is dumb.
> 
> Nice.
> 
> Have you considered authentication in the other direction; so that the zeo 
> clients can be sure it is talking to an authentic zeo server? 

You can use certificates and stunnel to have this work, I think, though
I haven't tried. Yes, it would be a great feature to implement, though.
I have to think about how this would affect the implementation -- I
guess we'd need a client authentication hook, as well. Any thoughts?

Take care,
--
Christian Reis, Senior Engineer, Async Open Source, Brazil.
http://async.com.br/~kiko/ | [+55 16] 261 2331 | NMFL
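
The authentication in both directions raised in this thread, sketched as an added example (not ZEO code and not part of the original message): an HMAC-based challenge-response in which the client also challenges the server, so a process that takes over the port without the shared secret fails the client's check. The `Peer` class, the role labels and the secret value are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def respond(secret: bytes, role: bytes, challenge: bytes) -> bytes:
    """Answer a challenge. The role label is mixed in so that a response
    computed by one side cannot be reflected back to it as the other's."""
    return hmac.new(secret, role + b"|" + challenge, hashlib.sha256).digest()


class Peer:
    """One end of the handshake (hypothetical helper, not a ZEO class)."""

    def __init__(self, secret: bytes, role: bytes):
        self.secret = secret
        self.role = role          # b"client" or b"server"
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)   # fresh per connection, never reused
        return self.nonce

    def answer(self, challenge: bytes) -> bytes:
        return respond(self.secret, self.role, challenge)

    def verify(self, peer_role: bytes, response: bytes) -> bool:
        if self.nonce is None:        # no outstanding challenge
            return False
        expected = respond(self.secret, peer_role, self.nonce)
        self.nonce = None             # a challenge is good for one answer
        return hmac.compare_digest(expected, response)


def mutual_handshake(client: Peer, server: Peer):
    """Return (server_accepts_client, client_accepts_server)."""
    s_chal = server.challenge()       # server -> client
    c_chal = client.challenge()       # client -> server
    c_resp = client.answer(s_chal)    # client proves knowledge of the secret
    s_resp = server.answer(c_chal)    # server proves knowledge of the secret
    return server.verify(b"client", c_resp), client.verify(b"server", s_resp)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"          # constructed sample value
    client = Peer(secret, b"client")
    print("real server:", mutual_handshake(client, Peer(secret, b"server")))
    print("other listener:", mutual_handshake(client, Peer(b"guess", b"server")))
```

This authenticates the handshake only; traffic after it still needs stunnel or an equivalent channel for integrity and confidentiality.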