Re: [gamin] socket credentials: necessary?
- From: Daniel Veillard <veillard redhat com>
- To: "Neal H. Walfield" <neal walfield org>
- Cc: gamin-list gnome org
- Subject: Re: [gamin] socket credentials: necessary?
- Date: Tue, 7 Jun 2005 07:46:18 -0400
On Tue, Jun 07, 2005 at 12:39:48PM +0100, Neal H. Walfield wrote:
> > > The socket credential check is at best a double check and a poor one
> > > at that in particular on systems with different access control
> > > systems. Moreover, the information provided by LOCAL_CRED violates
> > > the principle of least information (i.e. it exposes information that
> > > neither the client nor the server require to sufficiently implement
> > > their security policy).
> >
> > I disagree with this.
>
> That's fine. We clearly have different ideas about how security
> mechanisms are supposed to work and how a security policy is supposed
> to be implemented.
>
> > > We think that programs never require the information that
> > > LOCAL_CRED supplies to implement their security policy as such we
> > > don't implement it.
> >
> > Your choice, I take patches for mach specific authentication
> > but only if they don't modify the current behaviour on other platforms.
>
> I tried to make my patch as conservative as possible: it fixes the
> case where LOCAL_CRED is not supported by the underlying OS.
I know. But if you want to use a patch based on capacity support from
Mach, I would take it. BTW I don't understand, I thought HURD used l4 now
so I'm surprised to see Mach resurfacing (I worked with Mach-3.0 in the
early nineties, I would not say I kept a good opinion of it).
> > Your patch sounds acceptable to me but I'm not on one of the affected
> > platforms, so I asked for a public check.
>
> Linux and, I think, the various BSDs all support LOCAL_CRED. Which
> other platforms did you have in mind?
I'm not exclusive, but inclusive. You're touching a default behaviour
so those can't just be listed, examples coming to mind are the various AIXes,
MacOS X, HP-UX for example.
Daniel
--
Daniel Veillard | Red Hat Desktop team http://redhat.com/
veillard redhat com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/