Project

General

Profile

Actions

Feature #17166

closed

net/http not supporting unix domain sockets

Feature #17166: net/http not supporting unix domain sockets

Added by hadmut (Hadmut Danisch) about 5 years ago. Updated about 1 year ago.

Status:
Third Party's Issue
Assignee:
-
Target version:
-
[ruby-core:99995]

Description

Hi,

meanwhile it's common and state of the art to offer rest apis not just over tcp/ip, but over unix domain sockets as well for machine-internal use and advanced security.

Unfortunately net/http does not support unix domain sockets. Although there is a workaround with the gem net_http_unix / NetX::HTTPUnix, this is rather useless, since most programs, libs, gems (e.g. rest-client) are based on net/http.

However, there's some security consideration. When evaluating e.g. HTML and accessing URLs, it could be harmful or leak information, if an URL point to some unix domain path could reveal information or allow to trigger something, e.g. tell through error messages whether a file exists or let someone unintentionally install a packet through ubuntu's snap mechanism (which is controlled through a unix domain socket with rest api).

It should, however, be possible to use unix domain sockets (without workaround, third party gem or low level code).

regards

Updated by hadmut (Hadmut Danisch) about 5 years ago Actions #1

  • Tracker changed from Bug to Feature
  • Backport deleted (2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN)

Updated by hadmut (Hadmut Danisch) about 1 year ago Actions #2 [ruby-core:118794]

Now this is almost four years old without any reaction at all.

Has anyone ever taken any notice of this problem, which affects a lot of people which are those REST API frameworks? Or is ruby dead, and it's time to find a new language?

Updated by byroot (Jean Boussier) about 1 year ago Actions #3 [ruby-core:118800]

  • Status changed from Open to Third Party's Issue

No it means it's a very fringe use case and nobody with that use case (including you) bothered to work on it.

It's extremely rare to use HTTP over unix sockets, and even very popular HTTP libraries for very popular languages like Python's requests don't support it and require monkey patching and nobody calls Python dead.

So if you really need this you are welcome to open a pull request at https://github.com/ruby/net-http

Updated by hadmut (Hadmut Danisch) about 1 year ago Actions #4 [ruby-core:118801]

That's simply wrong.

Several widely used apps offer their REST API over unix domain sockets for security reasons, e.g. LXD, snapd, docker, podman, which are just four of the most commonly used applications in the Linux world.

How can you call it a "very fringe use case" and "extremely rare"?

Missed the last 10 years of software development?

Updated by kddnewton (Kevin Newton) about 1 year ago Actions #5 [ruby-core:118802]

Then build it. If it’s as widely used as you say, the PR is sure to be accepted.

Actions

Also available in: PDF Atom