On Thu, 10 Aug 2006, Tim Jenness wrote:

> On Thu, 10 Aug 2006, Mark Taylor wrote:
> 
> > I presume this is a good idea in general.  It may in fact be the
> > most sensible PLASTIC way to do Starlink-specific things like
> > "load an NDF into GAIA", as previously discussed.  There is however
> > an issue of security - PLASTIC has practically none, so in principle
> > you could get third parties executing malicious arbitrary Tcl code
> > on a remote machine running GAIA.  For this reason I'll take it
> 
> you already can using the straight socket. Is the problem that PLASTIC 
> uses a port that would ordinarily be left open in a firewall? Or is the 

<er_I've_got_a_feeling_that>
To talk to GAIA's socket you at least need to know what port number
it's at and I think you also need a cookie - to find both these 
bits of information you need to look in ~/.rtd-remote.
I had assumed that this had permissions like 0600, but looking I see 
that mine is currently 0644.  So anyone who can see my home disk
(maybe they also need to run a process on the same machine as me?
not sure) can use my running instance of GAIA to read/write/delete 
all my files.  Hmm.  Well it seems that hasn't caused the collapse 
of western civilisation just yet.
</er_I've_got_a_feeling_that>  

This situation is pretty much what applies to the XML-RPC mode 
of PLASTIC access.

However, clients can choose another way to invoke PLASTIC requests,
which is using Java-RMI.  In this case there is a well-known port, 
which *I think* means that anyone who understands PLASTIC and wants 
to try looking at port 1099 of my machine, subject to permission by
firewalls etc, could use GAIA to run arbitrary Tcl code as me.
I'm not sure how likely it is that a normal firewall setup would 
permit this.  Probably Java's standard RMI setup can be configured 
to reject attempted off-host connections, but I'm not sure whether
it is so configured by default.

> problem that TOPCAT was going to make this all trivial by popping up a 
> "please supply arbitrary code for GAIA to execute" popup?

No, this facility won't be obvious to anybody who doesn't look quite
carefully at various bits of documentation.

> GAIA is the thing that needs the sanity checking. It would indeed be the 
> easiest way to support ORAC-DR switching to PLASTIC with the fewest 
> modifications (since oracdr does things like adjusts the display range 
> after loading an image).

Well I don't mind adding this back in (it's a 3-liner) if you're 
happy to live with the consequences.  If not, I should think it would
be possible to hack it by private arrangement between GAIA and its 
friends until such time as the PLASTIC spec is fixed up to plug this.

Mark

-- 
Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
[log in to unmask] +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
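
The `~/.rtd-remote` permissions issue raised in the message above, as an added example (not part of the original thread and not GAIA code): a Python check that a per-user file holding a port number and cookie is a regular file, owned by the current user, with no group/other access, plus a way to create such a file as 0600 from the start. The function names are hypothetical, and the file's contents are never parsed.

```python
import os
import stat


def audit_secret_file(path, fix=False):
    """Return a list of findings for a per-user secret file (empty list = OK)."""
    # lstat, not stat: do not follow a symlink planted where the file should be.
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    owned_by_me = st.st_uid == os.geteuid()
    if not owned_by_me:
        findings.append("owned by uid %d, not the current user" % st.st_uid)
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group or other permission bit is too much
        findings.append("mode %04o grants group/other access" % mode)
        if fix and owned_by_me:
            os.chmod(path, 0o600)
    return findings


def write_secret_file(path, data):
    """Create the file as 0600 at creation time, so it is never briefly
    readable by others (a later chmod leaves a window)."""
    # O_EXCL refuses to reuse an existing file or symlink at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


if __name__ == "__main__":
    target = os.path.expanduser("~/.rtd-remote")
    if os.path.lexists(target):
        problems = audit_secret_file(target)
        for problem in problems:
            print("%s: %s" % (target, problem))
        if not problems:
            print("%s: OK" % target)
```

Calling `audit_secret_file(path, fix=True)` reports the problem and then tightens the mode to 0600 when the file belongs to the caller.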