Kent M Pitman <firstname.lastname@example.org> wrote:
| David Bakhash <email@example.com> writes:
| > you set up an SSL socket server which, for each request, immediatly
| > opens another TCP/IP connection to the Lisp server on localhost.
| Is it, in general, guaranteed across all modern operating systems that
| socket to socket localhost does a loopback that isn't sniffable by external
| network hardware?
For most values of "modern operating system", yes. In BSD-derived stacks,
"localhost" is a purely software construct. The packets never touch the
hardware (other than memory & CPU, that is).
However... It's possible that a rogue program [virus, Trojan, whatever]
*on* the SSL server could connect via localhost to the Lisp server
and spoof the SSL server, causing the Lisp server to respond to a
request that didn't come through the SSL server. [Of course, if an
attacker can get a virus or Trojan onto the SSL server host, you're
already in serious trouble...]
Rob Warnock, 31-2-510 <firstname.lastname@example.org>
SGI Network Engineering <http://reality.sgi.com/rpw3/> [until 8/15]
1600 Amphitheatre Pkwy. Phone: 650-933-1673
Mountain View, CA 94043 PP-ASEL-IA
[Note: email@example.com and firstname.lastname@example.org aren't for humans ]