Re: [whatwg/url] Addressing HTTP servers over Unix domain sockets (#577)

> Or is the idea that the service hosting the domain socket needs to opt in.

Yes.

One motivation of OP was access control:

> Access control. Even if the service is diligent only to bind to localhost, TCP still allows any (non-sandboxed) process or user on the machine to connect. Any access control has to be implemented by the service itself, which often involves implementing (hopefully with sufficient security) its own password authentication mechanism.

However, in order to increase the security of some local application (reducing the attack surface, relying on implicit authentication through UID and filesystem access control), this might end up:

* *increasing* the attack surface of already existing services;
* undermining the implicit authentication through UID and filesystem access control of already existing services (confused deputy problem).


-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/577#issuecomment-1849468089

Message ID: <whatwg/url/issues/577/1849468089@github.com>

Received on Monday, 11 December 2023 07:30:22 UTC
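
The confused-deputy concern in the message above, as an added example that is not part of the original message: a Linux service that authenticates peers by UID (`SO_PEERCRED`) behind a private directory accepts a request relayed by a same-UID browser exactly as it accepts the user's own tool. The socket path, request strings and function names are constructed for illustration.

```python
import os, socket, struct, tempfile, threading

def peer_uid(conn):
    """Return the UID of the connecting process (Linux SO_PEERCRED)."""
    fmt = "3i"  # struct ucred: pid, uid, gid
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(fmt))
    _pid, uid, _gid = struct.unpack(fmt, raw)
    return uid

def serve_once(server, results):
    """Existing-service logic: trust the peer if its UID is the owner's."""
    conn, _ = server.accept()
    with conn:
        request = conn.recv(1024)
        results.append((request, peer_uid(conn) == os.getuid()))

def connect_as(path, request):
    """Stands in for any process running as the user: a CLI or a browser."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)
        client.sendall(request)

def demo():
    """Send one direct request and one relayed request; return the verdicts."""
    results = []
    # Constructed requests: the second represents a browser acting for a page.
    requests = (b"cli: status",
                b"browser, on behalf of https://example.test: status")
    with tempfile.TemporaryDirectory() as d:  # directory is mode 0700
        path = os.path.join(d, "svc.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as server:
            server.bind(path)
            server.listen(2)
            for request in requests:
                t = threading.Thread(target=serve_once, args=(server, results))
                t.start()
                connect_as(path, request)
                t.join()
    return results

if __name__ == "__main__":
    for request, trusted in demo():
        print(trusted, request)
```

Both connections carry the same kernel-reported UID, so the service has no signal to separate the user's own request from one a web page caused the browser to send.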