facebookarchive / nailgun

Nailgun is a client, protocol, and server for running Java programs from the command line without incurring the JVM startup overhead.
https://github.com/facebook/nailgun

Limit access to the daemon to the same user #108

Closed retronym closed 6 years ago

retronym commented 7 years ago

The Nailgun docs prominently note that:

Before you download it, be aware that it's not secure. Not even close. Although there are means to ensure that the client is connected to the server from the local machine, there is not yet any concept of a "user". Any programs that run in Nailgun are run with the same permissions as the server itself. You have been warned.

A standard approach to improve the security story would be to require that the client passes an authentication token that it reads from a file written by the server (this is often piggybacked on the file used for port discovery). This file can be restricted to be readable only by the current server user (locking down the file permissions is a bit fiddly to do in Java in a cross-platform way, but is possible with the NIO APIs).

An alternative approach is to use Unix Domain Sockets / Windows Named Pipes (as is done in facebook/watchman), rather than a TCP socket on the loopback interface. This would require some platform-specific native code (or a library that wraps said native code) on the server side.
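The token-file approach described in the comment above, sketched with the NIO APIs as an added example (not code from Nailgun or from the commenter). The class name `TokenFile`, the file layout (port on line one, token on line two) and the sample port value are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical helper for illustration; not part of Nailgun.
public class TokenFile {
    // Writes "<port>\n<token>\n" to a file that only the server's user can read.
    static String writeToken(Path file, int port) throws IOException {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byte[] body = (port + "\n" + token + "\n").getBytes(StandardCharsets.US_ASCII);
        Files.deleteIfExists(file);                       // drop a stale file from an earlier run
        Set<String> views = file.getFileSystem().supportedFileAttributeViews();
        if (views.contains("posix")) {
            // POSIX: the file is created with mode 0600, so it is never more open than that.
            FileAttribute<Set<PosixFilePermission>> ownerOnly =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
            Files.createFile(file, ownerOnly);
        } else if (views.contains("acl")) {
            // Windows: replace the inherited ACL with one owner-only entry while the file
            // is still empty. Assumption: the parent directory is already private to the
            // user, which covers the short gap between createFile and setAcl.
            Files.createFile(file);
            AclFileAttributeView acl = Files.getFileAttributeView(file, AclFileAttributeView.class);
            acl.setAcl(Collections.singletonList(AclEntry.newBuilder()
                .setType(AclEntryType.ALLOW).setPrincipal(Files.getOwner(file))
                .setPermissions(EnumSet.allOf(AclEntryPermission.class)).build()));
        } else {
            throw new IOException("cannot restrict permissions on " + file);
        }
        Files.write(file, body, StandardOpenOption.WRITE); // token lands only after lock-down
        return token;
    }

    // Server side: compare the presented token in constant time.
    static boolean tokenMatches(String expected, String presented) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     presented.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws IOException {
        Path file = Files.createTempDirectory("ng-demo").resolve("server.token");
        String token = writeToken(file, 2113);             // sample port value
        List<String> lines = Files.readAllLines(file, StandardCharsets.US_ASCII); // client's view
        System.out.println("port=" + lines.get(0) + " ok=" + tokenMatches(token, lines.get(1)));
    }
}
```

The server would reject any connection whose first message does not carry a token for which `tokenMatches` returns true, so a local process running as another user can reach the loopback port but cannot read the token it needs.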

ilya-klyuchnikov commented 7 years ago

nailgun can be used with Unix Domain Sockets / Windows Named Pipes. See pynailgun/test_ng.py to see examples of such usage.

retronym commented 7 years ago

Great! So I guess it is just a matter of updating the documentation!

FTR, here are the server impls:

https://github.com/facebook/nailgun/blob/master/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGUnixDomainSocket.java

https://github.com/facebook/nailgun/blob/master/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGWin32NamedPipeServerSocket.java

eed3si9n commented 7 years ago

Related to this, using NGUnixDomainSocket and NGWin32NamedPipeServerSocket I'm planning to support Unix Domain Sockets / Windows Named Pipes for sbt server (https://github.com/sbt/sbt/pull/3742). sbt is a build tool for Scala.

  1. Would you consider splitting up the socket related code into a separate library?
  2. Could you release it (or the latest Nailgun) to Maven Central please?

ilya-klyuchnikov commented 7 years ago

@eed3si9n

Some internal details of NGWin32NamedPipeServerSocket are not universal and rely on how nailgun uses the connection. The same may be true for NGUnixDomainSocket. (This is why they have NG prefixes.) In order to be used with other backends - like sbt - they will require some rethinking.