Oh, I forgot that the port was configurable. I think it is fine to be configurable.
Then the suggestion is to pick a port < 1024, document it and write it in tpmd.service. Then, get rkt to use that port. So, non-root processes cannot steal that port.
Or, if rkt does not use tpmd over a network, we could add an additional option in tpmd to listen on a socket file in /run/tpmd/tpmd.socket (with /run/tpmd/ only writeable by root).
At the moment, unprivileged users can bind on the TCP port before tpmd is started. That could DoS tpmclient.
See rkt/rkt#1816
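The root-only socket directory proposed above only helps if the client refuses a directory that other users can write to, so a client-side check is sketched here. This is an added example, not part of the original issue or of the tpmd or rkt code: `checkSocketDir` is a hypothetical helper, and only the `/run/tpmd/tpmd.socket` path comes from the issue.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// checkSocketDir (hypothetical helper) returns an error if the directory
// holding socketPath could be written by anyone other than trustedUID.
// For the /run/tpmd/ layout proposed in the issue, trustedUID is 0 (root).
func checkSocketDir(socketPath string, trustedUID uint32) error {
	dir := filepath.Dir(socketPath)
	// Lstat does not follow symlinks, so a symlink planted in place of the
	// directory fails the IsDir check instead of being trusted.
	fi, err := os.Lstat(dir)
	if err != nil {
		return err
	}
	if !fi.IsDir() {
		return fmt.Errorf("%s is not a directory", dir)
	}
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return fmt.Errorf("no ownership information for %s", dir)
	}
	if st.Uid != trustedUID {
		return fmt.Errorf("%s is owned by uid %d, want %d", dir, st.Uid, trustedUID)
	}
	// Group or other write permission would let a non-root process create
	// or replace the socket file before the daemon starts.
	if fi.Mode().Perm()&0022 != 0 {
		return fmt.Errorf("%s is group- or world-writable (%v)", dir, fi.Mode().Perm())
	}
	return nil
}

func main() {
	// Path taken from the issue; the check itself is this example's assumption.
	if err := checkSocketDir("/run/tpmd/tpmd.socket", 0); err != nil {
		fmt.Println("refusing to use socket:", err)
		return
	}
	fmt.Println("socket directory is writable by root only")
}
```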