Re: [whatwg/url] Addressing HTTP servers over Unix domain sockets (#577)

> Allowing use of DNS to resolve a URI to a Unix Domain Socket path sounds like a wonderful gift to hand to malevolent actors. Convincing a user to click a link that resolves to a well-known UDS-based service would become commonplace. Regardless of what any RFC says, a URI referring to local resources should look significantly different from one referring to external resources, so that no person and no legacy or naive code could be confused about what transport mechanism is involved in accessing the resource in question.

And this is why my solution involves the use of IPv6 link locals without scope id, as opposed to domain names (but domain names may still point to the IPv6 link local addresses), because at least on Linux, they fail to resolve in the network stack by default; however, they can still be intercepted and made useful/usable by LD_PRELOAD libraries or eBPF programs.

And just to be clear with my last example with "/var/run/whatever.sock", that is not at all suggestive of the intended URI syntax. What I was suggesting was that if there were a URI syntax then an app would have some means of statelessly encoding the Unix domain socket path, whether it's directly embedding the path string, or substituting, escaping, or percent encoding special characters.

-- 
https://github.com/whatwg/url/issues/577#issuecomment-2606434379

Message ID: <whatwg/url/issues/577/2606434379@github.com>

Received on Wednesday, 22 January 2025 06:54:39 UTC