Subject: Re: Mod_lisp 2.0 released
From: (Rob Warnock)
Date: 22 Jun 2001 11:27:51 GMT
Newsgroups: comp.lang.lisp
Message-ID: <9gva3n$iia1j$>
Kent M Pitman  <> wrote:
| David Bakhash <> writes:
| > you set up an SSL socket server which, for each request, immediately
| > opens another TCP/IP connection to the Lisp server on localhost.
| Is it, in general, guaranteed across all modern operating systems that
| socket to socket localhost does a loopback that isn't sniffable by external
| network hardware?

For most values of "modern operating system", yes. In BSD-derived stacks,
"localhost" is a purely software construct. The packets never touch the
hardware (other than memory & CPU, that is).

However... It's possible that a rogue program [virus, Trojan, whatever]
*on* the SSL server could connect via localhost to the Lisp server
and spoof the SSL server, causing the Lisp server to respond to a
request that didn't come through the SSL server. [Of course, if an
attacker can get a virus or Trojan onto the SSL server host, you're
already in serious trouble...]


Rob Warnock, 31-2-510		<>
SGI Network Engineering		<> [until 8/15]
1600 Amphitheatre Pkwy.		Phone: 650-933-1673
Mountain View, CA  94043	PP-ASEL-IA

[Note: and aren't for humans ]
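
The following is an added illustration of the local-spoofing risk raised in the post above; it is not part of the original message and is not mod_lisp code. It assumes a hypothetical setup in which the SSL front end and the backend share a secret key, so that the backend can refuse loopback connections that did not come through the front end. The key, the frame format and all function names are constructed for the example.

```python
import hashlib
import hmac
import secrets
import socket
import threading

# Assumption: this key is provisioned only to the SSL front end and the backend
# (for example a file readable by their service accounts alone). Constructed here.
SHARED_KEY = secrets.token_bytes(32)

def seal(key: bytes, request: bytes) -> bytes:
    """Front end: prefix the forwarded request with an HMAC-SHA256 tag."""
    return hmac.new(key, request, hashlib.sha256).hexdigest().encode() + b" " + request

def unseal(key: bytes, frame: bytes):
    """Backend: return the request if its tag verifies, else None."""
    tag, sep, request = frame.partition(b" ")
    expected = hmac.new(key, request, hashlib.sha256).hexdigest().encode()
    if sep and hmac.compare_digest(tag, expected):
        return request
    return None

def serve_once(listener: socket.socket, key: bytes) -> None:
    """Backend: accept one loopback connection and answer it."""
    conn, _ = listener.accept()
    with conn:
        request = unseal(key, conn.recv(4096))
        conn.sendall(b"200 " + request if request is not None
                     else b"403 unauthenticated peer")

def roundtrip(frame: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Start a backend on 127.0.0.1, send it one frame, return the reply."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
        listener.listen(1)
        worker = threading.Thread(target=serve_once, args=(listener, key))
        worker.start()
        with socket.create_connection(listener.getsockname()) as client:
            client.sendall(frame)
            client.shutdown(socket.SHUT_WR)
            reply = client.recv(4096)
        worker.join()
        return reply

if __name__ == "__main__":
    print(roundtrip(seal(SHARED_KEY, b"GET /account")))  # forwarded by the front end
    print(roundtrip(b"GET /account"))                    # direct local connection
```

The tag only proves that the sender holds the key; it does not stop a captured frame from being replayed, so a real deployment would also bind each frame to a nonce or counter.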