xul extension should check ownership of agent's listening socket, where possible
On systems that support it, the current msva-perl parses the contents of @/proc/net/tcp{,6}@ to know who is connecting to it.
It seems that the xul extension should make the same checks to ensure that it's connecting to the peer it thinks it is.
Ideally, the way to do it would be:

1. open the TCP connection to the agent
2. examine the state of the connection, including the local port, remote port, and remote IP address
3. look it up in @/proc/net/tcp@ (or @/proc/net/tcp6@ if it's an IPv6 connection), and verify the ownership of the process
4. if it's OK, then continue with the rest of the HTTP request.
It's not clear to me if we'll be able to get quite that much under the hood directly from javascript, so it might be simpler to do a slightly racier check:

1. get the name-to-IP address result somehow
2. look up the IP address and the target port in @/proc/net/tcp@, looking for a listening connection
3. verify the uid from that entry
4. then launch the XMLHttpRequest if it's OK.
There are a couple of possible races in the second proposal above:

- the hostname lookup might return different results between steps 1 and 4
- the looked-up process might die (and be replaced by a different, possibly malicious process) between steps 3 and 4

but it's still probably better than nothing.
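To make both proposals concrete, here is an added example (not code from msva-perl or the xul extension) of the lookup each one needs, written for Node.js so it can be run against a real @/proc/net/tcp@. It parses the kernel table, answers the racier question "which uid owns the LISTEN socket on ip:port" (second proposal) and the tighter question "which uid owns the other end of my established connection" (first proposal), and handles @/proc/net/tcp6@ and wildcard-bound listeners. Assumptions: a little-endian host (each 32-bit word of an address in the table is printed byte-reversed), the state codes 0x0A for LISTEN and 0x01 for ESTABLISHED from the kernel's TCP state enum, and sample tables that are constructed for the example (the port 6136, uid 1000 and inode values are not captured from a real system).

```javascript
// Added example (not part of msva-perl or the xul extension). Node.js, CommonJS.
// ASSUMPTION: little-endian host, so each 32-bit address word in
// /proc/net/tcp{,6} is printed with its bytes reversed.
const TCP_ESTABLISHED = 0x01; // kernel TCP state codes
const TCP_LISTEN = 0x0a;

// "0100007F" -> "127.0.0.1"
function decodeIpv4(hex) {
  return hex.match(/../g).map(h => parseInt(h, 16)).reverse().join('.');
}

// "00000000000000000000000001000000" -> "0000:0000:0000:0000:0000:0000:0000:0001"
function decodeIpv6(hex) {
  const bytes = hex.match(/.{8}/g).flatMap(word => word.match(/../g).reverse());
  const groups = [];
  for (let i = 0; i < 16; i += 2) groups.push((bytes[i] + bytes[i + 1]).toLowerCase());
  return groups.join(':');
}

// Expand a textual IPv6 address ("::1") to the full 8-group form decodeIpv6 emits.
function expandIpv6(addr) {
  const [head, tail = ''] = addr.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const fill = addr.includes('::') ? 8 - h.length - t.length : 0;
  return [...h, ...Array(fill).fill('0'), ...t]
    .map(g => g.padStart(4, '0').toLowerCase()).join(':');
}

function normalizeIp(ip) {
  return ip.includes(':') ? expandIpv6(ip) : ip;
}

function isWildcard(ip) {
  return ip === '0.0.0.0' || ip === expandIpv6('::');
}

// Parse the text of /proc/net/tcp or /proc/net/tcp6 into plain objects.
// Columns: sl local_address rem_address st tx:rx tr:when retrnsmt uid timeout inode ...
function parseProcNetTcp(text) {
  const entries = [];
  for (const line of text.split('\n')) {
    const f = line.trim().split(/\s+/);
    if (f.length < 10 || !/^\d+:$/.test(f[0])) continue; // header or blank line
    const [lAddr, lPort] = f[1].split(':');
    const [rAddr, rPort] = f[2].split(':');
    const decode = lAddr.length === 32 ? decodeIpv6 : decodeIpv4;
    entries.push({
      localIp: decode(lAddr), localPort: parseInt(lPort, 16),
      remoteIp: decode(rAddr), remotePort: parseInt(rPort, 16),
      state: parseInt(f[3], 16),
      uid: parseInt(f[7], 10),
      inode: parseInt(f[9], 10),
    });
  }
  return entries;
}

// Racier check (second proposal): uid owning the LISTEN socket on ip:port.
// A socket bound to the wildcard address also answers for ip. null if none.
function findListenerUid(entries, ip, port) {
  const want = normalizeIp(ip);
  const hit = entries.find(e => e.state === TCP_LISTEN && e.localPort === port &&
    (e.localIp === want || isWildcard(e.localIp)));
  return hit ? hit.uid : null;
}

// Tighter check (first proposal): after connecting, find the peer's own
// ESTABLISHED row, whose local end is the agent's ip:port and whose remote
// end is our ephemeral port, and return the uid that owns it. null if absent.
function findPeerUid(entries, ourLocalPort, agentIp, agentPort) {
  const want = normalizeIp(agentIp);
  const hit = entries.find(e => e.state === TCP_ESTABLISHED &&
    e.localIp === want && e.localPort === agentPort && e.remotePort === ourLocalPort);
  return hit ? hit.uid : null;
}

// Constructed sample tables (not captured from a real host): an agent on
// 127.0.0.1:6136 owned by uid 1000 with one established client connection
// from port 50418, plus a root-owned wildcard listener on port 22.
const SAMPLE_TCP = `
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:17F8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   1: 0100007F:17F8 0100007F:C4F2 01 00000000:00000000 00:00000000 00000000  1000        0 22223 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:C4F2 0100007F:17F8 01 00000000:00000000 00:00000000 00000000  1000        0 22224 1 0000000000000000 20 4 30 10 -1
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
`;
const SAMPLE_TCP6 = `
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:17F8 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 100 0 0 10 0
`;

if (typeof require === 'function' && require.main === module) {
  // On a live Linux host, read the real table; elsewhere fall back to the sample.
  const fs = require('fs');
  const text = fs.existsSync('/proc/net/tcp') ? fs.readFileSync('/proc/net/tcp', 'utf8') : SAMPLE_TCP;
  const uid = findListenerUid(parseProcNetTcp(text), '127.0.0.1', 6136);
  const me = typeof process.getuid === 'function' ? process.getuid() : null;
  console.log(uid === null ? 'nothing listening on 127.0.0.1:6136'
    : `listener uid ${uid}, our uid ${me}, ok=${uid === me}`);
}
```

The decision the extension would make is @findListenerUid(...) === process.getuid()@ before the request, or @findPeerUid(...) === process.getuid()@ after the connect; the second compares the row belonging to the peer's socket rather than ours, which is what closes the "listener replaced between lookup and connect" race described above. Note that the uid column tells you who owns the socket, not which process holds it, so a same-uid impostor is not caught by either check.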
(from redmine: created on 2010-03-11)
Edited by John Scott