Comments (6)
xilun
commented on July 20, 2024
One way to fix that would be to also connect from the client to outbash.exe for redirection sockets (and not what is done for now in v0.9 and current HEAD: the reverse direction)
- advantage: same security code as for control socket
- drawback: "slow" when using lots of TCP socket on the same computer - but I can limit to a single extra call to GetExtendedTcpTable, or maybe even still only one per process spawn
Or I could implement custom security inband for redirection sockets -- but I'd rather not.
from cbwin.
xilun
commented on July 20, 2024
Or the client could wait for a confirmation of outbash.exe before starting redirection forwarding. outbash.exe would not confirm before successful connection to redirection port. (Each redirection port is exclusively owned by the client.)
from cbwin.
xilun
commented on July 20, 2024
3cfe57d partially mitigates the risk for now.
Further commits will eliminate it -- they will probably be backward incompatible at protocol level.
from cbwin.
xilun
commented on July 20, 2024
b4a8cf4 does not change the situation for now, but prepare for further changes that will.
from cbwin.
xilun
commented on July 20, 2024
5383b61 finishes to fix this issue. A new release will be published soon.
from cbwin.
xilun
commented on July 20, 2024
Fixed in release v0.10
from cbwin.
Related Issues (20)
- wrun: can't translate a WSL VolFs path to a Win32 one HOT 7
- Default command handler HOT 10
- some win32 console programs "sometimes" do line feed instead of new line, but a workaround seems possible HOT 1
- a cmd-like behavior distinguishing between console / GUI target programs might be useful HOT 1
- backgrounded & force redirected caller => SIGTTIN
- Use double quotes to prevent word splitting may be better HOT 12
- Problem with arguments containing the character "&" HOT 1
- wcmd cmd no longer laggy, but eats characters HOT 1
- Let cbwin in session mode launch multiple wcmd instances in parallel HOT 11
- wstart /mnt/c/windows does not work HOT 7
- Not work inside zsh HOT 14
- behavior of environment variable inconsistent in regards to case sensitivity HOT 1
- No terminal support HOT 6
- Vagrant output doesn't wrap correctly HOT 4
- interactive win32 console programs are broken (input and output) HOT 5
- Native Windows support for launching Windows applications HOT 1
- Some inputted characters skipped in Docker interactive terminal HOT 1
- Starting parameters for bash.exe
- Can't remove cbwin from my pc HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cbwin.