sockets for redirections are not using any security

[xilun]

So there is still a risk when used on a multi user computer for now...

[xilun]

One way to fix that would be to also connect from the client to outbash.exe for redirection sockets (and not what is done for now in v0.9 and current HEAD: the reverse direction)

• advantage: same security code as for control socket
• drawback: "slow" when using lots of TCP socket on the same computer - but I can limit to a single extra call to GetExtendedTcpTable, or maybe even still only one per process spawn

Or I could implement custom security inband for redirection sockets -- but I'd rather not.

[xilun]

Or the client could wait for a confirmation of outbash.exe before starting redirection forwarding. outbash.exe would not confirm before successful connection to redirection port. (Each redirection port is exclusively owned by the client.)

[xilun]

3cfe57d partially mitigates the risk for now.

Further commits will eliminate it -- they will probably be backward incompatible at protocol level.

[xilun]

b4a8cf4 does not change the situation for now, but prepare for further changes that will.

[xilun]

5383b61 finishes to fix this issue. A new release will be published soon.

[xilun]

Fixed in release v0.10