Feature #1079
Consider supporting unix socket as a transport between core and client
Description
This is a wishlist bug. I'd like to be able to use a unix socket between core and client. I might take a look at how to implement this but I thought it'd be a good idea to report it here before doing any work.
Advantages:
1) I don't need to worry about passwords. I can use filesystem permissions to make sure that only my own user account can access the socket (it could be named $HOME/.quassel/socket for example). No other user can connect and try a dictionary based attack against the password.
2) I don't need to worry about port number collisions. Currently if multiple users are using quassel on a shared server they need to use different ports (this assumes that the administrator does not have time to configure a shared quassel core instance). Allocating port numbers is really annoying especially if you use multiple ssh tunnels between multiple servers and desktops and quassel instances.
Disadvantages:
1) This would obviously be a more advanced feature that probably only makes sense for advanced users. You might want to hide it behind some Advanced tab in the "Edit Core Account" dialog.
2) At least I don't know how to support this on anything other than Linux.
History
#1 Updated by johu over 13 years ago
Vote against because of a simple solution: configure a firewall that drops/rejects packets from non-local nets for the quassel port.
#2 Updated by lindi over 13 years ago
I'm running quassel core on a multiuser machine for which I have no root access. Even if I had root access, should I use "iptables -m owner --uid-owner" to make sure that no other user of the same multiuser machine can connect?
And even if that works, there's still the trouble of assigning unique ports for each user.
#3 Updated by lindi over 13 years ago
I have a half-working patch that adds unix socket support to the client (both code and UI). I'm currently testing it as follows:
1) build with -DWITH_OPENSSL=OFF
2) run "socat -x UNIX-LISTEN:/tmp/quassel TCP-CONNECT:localhost:4242"
3) run "./quasselcore --logfile=core.log --loglevel=Info --configdir=config --port=4242"
4) run "./quasselclient"
5) check "Use Local Socket" on the core settings dialog and enter "/tmp/quassel" as the path.
I'll implement support to core next. Should the syntax be "--address unix:/tmp/quassel" or "--local-socket /tmp/quassel"?
Current problems:
1) I'm not sure what to do with SSL. It might be just extra since unix socket is not visible to other users. However, I like the idea of having everything encrypted just in case somebody does crazy socat forwarding and the data actually hits TCP somewhere.
2) QSslSocket seems to be somewhat tied to QTcpSocket, I don't know if it can be sensibly made to work with QLocalSocket.
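The following is an added example, not part of the thread and not Quassel code: a Linux-only Python sketch of the access control that advantage 1 in the description relies on. It creates the socket with mode 0600 inside a 0700 directory and also checks the peer's uid with SO_PEERCRED; the function names and the temporary path are hypothetical.

```python
import os
import socket
import stat
import struct
import tempfile


def listen_private(path):
    """Bind a Unix stream socket whose inode is created with mode 0600."""
    old_umask = os.umask(0o177)  # applied at bind(), so no chmod race window
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def peer_uid(conn):
    """Return the uid of the connecting process (SO_PEERCRED, Linux only)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", raw)[1]  # struct ucred is (pid, uid, gid)


def accept_owner_only(srv):
    """Accept one connection; drop it unless the peer runs as our own uid."""
    conn, _ = srv.accept()
    if peer_uid(conn) != os.getuid():
        conn.close()
        return None
    return conn


def demo():
    """Constructed demo: server and client in one process, temp directory."""
    directory = tempfile.mkdtemp(prefix="quassel-demo-")  # mkdtemp uses 0700
    path = os.path.join(directory, "socket")  # hypothetical socket name
    srv = listen_private(path)
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    cli.connect(path)
    conn = accept_owner_only(srv)
    sock_mode = stat.S_IMODE(os.stat(path).st_mode)
    dir_mode = stat.S_IMODE(os.stat(directory).st_mode)
    for s in filter(None, (cli, conn, srv)):
        s.close()
    os.unlink(path)
    os.rmdir(directory)
    return sock_mode, dir_mode, conn is not None
```

The private parent directory is there because some Unix systems ignore the permission bits on the socket file itself, so the directory mode is the portable barrier and the uid check is a second layer on Linux.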