tpmd to listen on a privileged port #3

Open
alban opened this issue Jan 19, 2016 · 3 comments


alban commented Jan 19, 2016

At the moment, unprivileged users can bind to the TCP port before tpmd is started. That could DoS tpmclient.

See rkt/rkt#1816

Author

alban commented Jan 20, 2016

/cc @mjg59 @jonboulle

@jonboulle
Contributor

I don't quite understand what you want here. To have it listen on a fixed port and remove the option of configuring it?

Author

alban commented Jan 21, 2016

Oh, I forgot that the port was configurable. I think it is fine to be configurable.

Then the suggestion is to pick a port < 1024, document it and write it in tpmd.service. Then, get rkt to use that port. So, non-root processes cannot steal that port.

Or, if rkt does not use tpmd over a network, we could add an additional option in tpmd to listen on a socket file in /run/tpmd/tpmd.socket (with /run/tpmd/ only writeable by root).
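Added example, not part of the issue thread or the project's code: the socket-file option from the last comment, written in Go, with the directory check that makes it resistant to the squatting described in the first comment. The function names `checkSocketDir` and `listenSocket` are hypothetical, and trusting uid 0 (root) as the directory owner is an assumption taken from the comment's "only writeable by root".

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"syscall"
)

// checkSocketDir returns nil only if dir is a real directory (not a symlink),
// owned by trustedUID and not writable by group or others, so no other user
// can create, replace or remove the socket file inside it.
func checkSocketDir(dir string, trustedUID uint32) error {
	fi, err := os.Lstat(dir) // Lstat: do not follow a symlink planted at dir
	if err != nil {
		return err
	}
	if !fi.IsDir() {
		return fmt.Errorf("%s is not a directory", dir)
	}
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return fmt.Errorf("no ownership information for %s", dir)
	}
	if st.Uid != trustedUID {
		return fmt.Errorf("%s is owned by uid %d, want %d", dir, st.Uid, trustedUID)
	}
	if fi.Mode().Perm()&0022 != 0 {
		return fmt.Errorf("%s is group- or world-writable (%v)", dir, fi.Mode().Perm())
	}
	return nil
}

// listenSocket is the daemon side: it refuses to listen unless the directory
// holding the socket passes checkSocketDir, then replaces any stale socket.
func listenSocket(path string, trustedUID uint32) (net.Listener, error) {
	if err := checkSocketDir(filepath.Dir(path), trustedUID); err != nil {
		return nil, err
	}
	if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
		return nil, err
	}
	return net.Listen("unix", path)
}

func main() {
	l, err := listenSocket("/run/tpmd/tpmd.socket", 0) // path from the issue; uid 0 assumed
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to listen:", err)
		os.Exit(1)
	}
	defer l.Close()
	fmt.Println("listening on", l.Addr())
}
```

A client can run the same `checkSocketDir` call before dialing, so it never talks to a socket that an unprivileged process was able to place there.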
