Project

General

Profile

Actions

Feature #17166

open

net/http not supporting unix domain sockets

Added by hadmut (Hadmut Danisch) 7 months ago. Updated 7 months ago.

Status:
Open
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:99995]

Description

Hi,

meanwhile it's common and state of the art to offer rest apis not just over tcp/ip, but over unix domain sockets as well for machine-internal use and advanced security.

Unfortunately net/http does not support unix domain sockets. Although there is a workaround with the gem net_http_unix / NetX::HTTPUnix, this is rather useless, since most programs, libs, gems (e.g. rest-client) are based on net/http.

However, there's some security consideration. When evaluating e.g. HTML and accessing URLs, it could be harmful or leak information, if an URL point to some unix domain path could reveal information or allow to trigger something, e.g. tell through error messages whether a file exists or let someone unintentionally install a packet through ubuntu's snap mechanism (which is controlled through a unix domain socket with rest api).

It should, however, be possible to use unix domain sockets (without workaround, third party gem or low level code).

regards

Actions #1

Updated by hadmut (Hadmut Danisch) 7 months ago

  • Backport deleted (2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN)
  • Tracker changed from Bug to Feature
Actions

Also available in: Atom PDF