在没有root的UNIX套接字连接上进行窃听

时间:2021-10-10 21:26:11

Let's say a server is running and listening on /var/run/some-socket.sock. And /var/run/some-socket.sock has owner root and group root.

假设服务器正在运行并正在侦听/var/run/some-socket.sock。 /var/run/some-socket.sock拥有所有者root和group root。

Is it possible for program B that does not run under root to eavesdrop on writes/reads from program A to the socket? How can I prevent program B from eavesdropping on connection from A?

不能在root下运行的程序B是否有可能窃听从程序A到套接字的写入/读取?如何防止程序B窃听来自A的连接?

1 个解决方案

#1


0  

In general, no.

一般来说,没有。

Sockets aren't files, and .sock files aren't sockets. Sockets are in-memory constructs that can be accessed by two processes that have established a connection. Each process can read and write to the socket construct as if it were a file, and so communicate. This socket "file" only exists as an abstraction in memory; it is never written to disk.

套接字不是文件,.sock文件不是套接字。套接字是内存中构造,可以由已建立连接的两个进程访问。每个进程都可以读取和写入套接字构造,就像它是一个文件一样,因此进行通信。这个套接字“文件”只作为内存中的抽象存在;它永远不会写入磁盘。

However, a process wishing to open a socket to another program needs some way of communicating with the other program so they can establish a socket and communicate. Naturally, this poses something of a problem. .sock files are one way around this problem. They represent an address that a process, in this case A, is listening on. If another process, like B, attempts to open a socket to the .sock file, the operating system will pass a connection request to A. If A is actually listening to that address, and accepts the connection, then A and B can set up a socket connection and communicate.

但是,希望打开另一个程序的套接字的进程需要某种方式与其他程序通信,以便它们可以建立套接字并进行通信。当然,这会带来一些问题。 .sock文件是解决这个问题的一种方法。它们代表一个进程(在本例中为A)正在侦听的地址。如果另一个进程(如B)尝试打开.sock文件的套接字,则操作系统会将连接请求传递给A.如果A实际上正在侦听该地址并接受连接,那么A和B可以设置套接字连接和通信。

Of course, if the socket represents a connection to an external network, i.e. an internet connection, then it is possible to eavesdrop on what is being sent over the interface used for that connection. Wireshark and tcpdump can do this.

当然,如果套接字表示与外部网络的连接,即互联网连接,则可以窃听通过用于该连接的接口发送的内容。 Wireshark和tcpdump可以做到这一点。

#1


0  

In general, no.

一般来说,没有。

Sockets aren't files, and .sock files aren't sockets. Sockets are in-memory constructs that can be accessed by two processes that have established a connection. Each process can read and write to the socket construct as if it were a file, and so communicate. This socket "file" only exists as an abstraction in memory; it is never written to disk.

套接字不是文件,.sock文件不是套接字。套接字是内存中构造,可以由已建立连接的两个进程访问。每个进程都可以读取和写入套接字构造,就像它是一个文件一样,因此进行通信。这个套接字“文件”只作为内存中的抽象存在;它永远不会写入磁盘。

However, a process wishing to open a socket to another program needs some way of communicating with the other program so they can establish a socket and communicate. Naturally, this poses something of a problem. .sock files are one way around this problem. They represent an address that a process, in this case A, is listening on. If another process, like B, attempts to open a socket to the .sock file, the operating system will pass a connection request to A. If A is actually listening to that address, and accepts the connection, then A and B can set up a socket connection and communicate.

但是,希望打开另一个程序的套接字的进程需要某种方式与其他程序通信,以便它们可以建立套接字并进行通信。当然,这会带来一些问题。 .sock文件是解决这个问题的一种方法。它们代表一个进程(在本例中为A)正在侦听的地址。如果另一个进程(如B)尝试打开.sock文件的套接字,则操作系统会将连接请求传递给A.如果A实际上正在侦听该地址并接受连接,那么A和B可以设置套接字连接和通信。

Of course, if the socket represents a connection to an external network, i.e. an internet connection, then it is possible to eavesdrop on what is being sent over the interface used for that connection. Wireshark and tcpdump can do this.

当然,如果套接字表示与外部网络的连接,即互联网连接,则可以窃听通过用于该连接的接口发送的内容。 Wireshark和tcpdump可以做到这一点。