Commit 17e28cb1 authored by Simon McVittie's avatar Simon McVittie

spec: Don't claim that the nonce-tcp transport is "secured"

Like the normal TCP transport, it has no confidentiality or integrity
protection. The only difference is that it adds an extra layer of
authentication.

However, this extra authentication is easily defeated if an attacker
could be eavesdropping on the link between client and server (unlike
DBUS_COOKIE_SHA1, which for all its flaws does at least protect the
confidentiality of the magic cookie).

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker's avatarRalf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
parent 20128fa6
......@@ -3785,8 +3785,8 @@
<sect2 id="transports-nonce-tcp-sockets">
<title>Nonce-secured TCP Sockets</title>
<para>
The nonce-tcp transport provides a secured TCP transport, using a
simple authentication mechanism to ensure that only clients with read
The nonce-tcp transport provides a modified TCP transport using a
simple authentication mechanism, to ensure that only clients with read
access to a certain location in the filesystem can connect to the server.
The server writes a secret, the nonce, to a file and an incoming client
connection is only accepted if the client sends the nonce right after
......@@ -3805,13 +3805,13 @@
read bytes do not match the nonce stored in the nonce file, the
server MUST immediately drop the connection.
If the nonce match the received byte sequence, the client is accepted
and the transport behaves like an unsecured tcp transport.
and the transport behaves like an ordinary tcp transport.
</para>
<para>
After a successful connect to the server socket, the client MUST read
the nonce from the file published by the server via the noncefile=
key-value pair and send it over the socket. After that, the
transport behaves like an unsecured tcp transport.
transport behaves like an ordinary tcp transport.
</para>
<para>
All nonce-tcp addresses are listenable. nonce-tcp addresses in which
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment