Feature #17166
closednet/http not supporting unix domain sockets
Description
Hi,
meanwhile it's common and state of the art to offer rest apis not just over tcp/ip, but over unix domain sockets as well for machine-internal use and advanced security.
Unfortunately net/http does not support unix domain sockets. Although there is a workaround with the gem net_http_unix / NetX::HTTPUnix, this is rather useless, since most programs, libs, gems (e.g. rest-client) are based on net/http.
However, there's some security consideration. When evaluating e.g. HTML and accessing URLs, it could be harmful or leak information, if an URL point to some unix domain path could reveal information or allow to trigger something, e.g. tell through error messages whether a file exists or let someone unintentionally install a packet through ubuntu's snap mechanism (which is controlled through a unix domain socket with rest api).
It should, however, be possible to use unix domain sockets (without workaround, third party gem or low level code).
regards
Updated by hadmut (Hadmut Danisch) about 4 years ago
- Tracker changed from Bug to Feature
- Backport deleted (
2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN)
Updated by hadmut (Hadmut Danisch) 3 months ago
Now this is almost four years old without any reaction at all.
Has anyone ever taken any notice of this problem, which affects a lot of people which are those REST API frameworks? Or is ruby dead, and it's time to find a new language?
Updated by byroot (Jean Boussier) 3 months ago
- Status changed from Open to Third Party's Issue
No it means it's a very fringe use case and nobody with that use case (including you) bothered to work on it.
It's extremely rare to use HTTP over unix sockets, and even very popular HTTP libraries for very popular languages like Python's requests
don't support it and require monkey patching and nobody calls Python dead.
So if you really need this you are welcome to open a pull request at https://github.com/ruby/net-http
Updated by hadmut (Hadmut Danisch) 3 months ago
That's simply wrong.
Several widely used apps offer their REST API over unix domain sockets for security reasons, e.g. LXD, snapd, docker, podman, which are just four of the most commonly used applications in the Linux world.
How can you call it a "very fringe use case" and "extremely rare"?
Missed the last 10 years of software development?
Updated by kddnewton (Kevin Newton) 3 months ago
Then build it. If it’s as widely used as you say, the PR is sure to be accepted.