Re: [gamin] socket credentials: necessary?

> > The socket credential check is at best a double check and a poor one
> > at that in particular on systems with different access control
> > systems.  Moreover, the information provided by LOCAL_CRED violates
> > the principle of least information (i.e. it exposes information that
> > neither the client nor the server require to sufficiently implement
> > their security policy).
>   I disagree with this.

That's fine.  We clearly have different ideas about how security
mechanisms are supposed to work and how a security policy is supposed
to be implemented.

> > We think that programs never require the information that
> > LOCAL_CRED supplies to implement their security policy as such we
> > don't implement it.
>   Your choice, I take patches for mach specific authentication
> but only if they don't modify the current behaviour on other platforms.

I tried to make my patch as conservative as possible: it fixes the
case where LOCAL_CRED is not supported by the underlying OS.

> >  Again, my patch only allows gamin to run on systems
> > which don't support LOCAL_CRED.
>   Your patch sounds acceptable to me but I'm not on one of the affected
> platforms, so I asked for a public check.

Linux and, I think, the various BSDs all support LOCAL_CRED.  Which
other platforms did you have in mind?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]