[uml-devel] [RFE] con=port

[uml-devel] [RFE] con=port

[Sven Köhler]

Hi,

it seem that one has to use con=port:<number> to have UML listening on a 
TCP/IP-port. UML also seems to bind to 0.0.0.0
I'd like UML to bind on 127.0.0.1 only and to bind the socket to a free 
port chosen by the TCP/IP-stack.

i would than do "con=port" and UML would bind each console to another 
TCP/IP-Port. I should than be abled to use mconsole to query which the 
port-number con1-9 are using.

Another point is, that "con1=port:9000" doesn't seem to work with a 
2.6.4-um1 kernel. I was abled to connect with telnet, but no matter 
which key i pressed, i saw nothing. In additon, the mconsole didn't 
work. I could attach mconsole to the UML, but any command blocked and 
never returned to the prompt again.

Another point would be security. Even if UML only binds to 127.0.0.1, 
the port is accessable by any user logged in. But i have no clever idea 
for that.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

Re: [uml-devel] [RFE] con=port

[Henrik Nordstrom]

On Wed, 24 Mar 2004, [ISO-8859-15] Sven Köhler wrote:

> Another point would be security. Even if UML only binds to 127.0.0.1, 
> the port is accessable by any user logged in. But i have no clever idea 
> for that.

The solution to that is to not use TCP. Use named pipes instead.

Regards
Henrik



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id\x1470&alloc_id638&opÌk
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

Re: [uml-devel] [RFE] con=port

[Sven Köhler]

>>Another point would be security. Even if UML only binds to 127.0.0.1, 
>>the port is accessable by any user logged in. But i have no clever idea 
>>for that.
> 
> The solution to that is to not use TCP. Use named pipes instead.

But that limits the clients to Applications that support named pipes. I 
think telnet doesn't, and the Java-Application that i had in mind 
wouldn't too.


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

Re: [uml-devel] [RFE] con=port

[Henrik Nordstrom]

On Wed, 24 Mar 2004, Sven Köhler wrote:

> But that limits the clients to Applications that support named pipes. I 
> think telnet doesn't, and the Java-Application that i had in mind 
> wouldn't too.

TCP does not have any access controls other than IP. If you need further
low-level access controls then you need to use a scheme which has access
controls such as UNIX domain sockets or named pipes.

Fair?

Regards
Henrik



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id\x1470&alloc_id638&opÌk
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

Re: [uml-devel] [RFE] con=port

[roland]

hi !
i think specifying a tcp-port on a commandline should generally be possible by specifying the interface adress,too.

let`s say - you have a tcp listening port at "xxxx"
ok - here we go - but what, if we have a host with multiple interfaces?

this port "xxxx" can be opened for listening on

ALL
ONE
or
SEVERAL

of them.

this is completely independend - but many apps just blindly bind to 0.0.0.0, which means "ALL".
not a very flexible thing (and from the point of security: insecure!), but it`s easier for the programmer - this must be the reason,
why we have 0.0.0.0 that often.

i like applications, which let me say: use port xxxx on interface (ip) W.X.Y.Z,
i.e. instead of "port=6000"  i would like  "port=127.0.0.1:6000,10.0.0.1:6000"

apache does, samba does (via config-files) - and many other apps do.

i had such "controversial" discussion a while ago on Xfree86: http://marc.theaimsgroup.com/?t=106900961500001&r=1&w=2

regards
roland



----- Original Message ----- 
From: "Sven Köhler" <skoehler@upb.de>
To: <user-mode-linux-devel@lists.sourceforge.net>
Sent: Wednesday, March 24, 2004 7:39 PM
Subject: [uml-devel] [RFE] con=port


> Hi,
>
> it seem that one has to use con=port:<number> to have UML listening on a
> TCP/IP-port. UML also seems to bind to 0.0.0.0
> I'd like UML to bind on 127.0.0.1 only and to bind the socket to a free
> port chosen by the TCP/IP-stack.
>
> i would than do "con=port" and UML would bind each console to another
> TCP/IP-Port. I should than be abled to use mconsole to query which the
> port-number con1-9 are using.
>
> Another point is, that "con1=port:9000" doesn't seem to work with a
> 2.6.4-um1 kernel. I was abled to connect with telnet, but no matter
> which key i pressed, i saw nothing. In additon, the mconsole didn't
> work. I could attach mconsole to the UML, but any command blocked and
> never returned to the prompt again.
>
> Another point would be security. Even if UML only binds to 127.0.0.1,
> the port is accessable by any user logged in. But i have no clever idea
> for that.
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> User-mode-linux-devel mailing list
> User-mode-linux-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
>



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

Re: [uml-devel] [RFE] con=port

[Henrik Nordstrom]

On Wed, 24 Mar 2004, roland wrote:

> hi ! i think specifying a tcp-port on a commandline should generally be
> possible by specifying the interface adress,too.

Agreed, and is pretty trivial to add. see port_init and port_listen_fd in 
arch/um/drivers/port_user.c.

Regards
Henrik



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel