Re: [gamin] socket credentials: necessary?

On Tue, Jun 07, 2005 at 12:39:48PM +0100, Neal H. Walfield wrote:
> > > The socket credential check is at best a double check and a poor one
> > > at that in particular on systems with different access control
> > > systems.  Moreover, the information provided by LOCAL_CRED violates
> > > the principle of least information (i.e. it exposes information that
> > > neither the client nor the server require to sufficiently implement
> > > their security policy).
> > 
> >   I disagree with this.
> That's fine.  We clearly have different ideas about how security
> mechanisms are supposed to work and how a security policy is supposed
> to be implemented.
> > > We think that programs never require the information that
> > > LOCAL_CRED supplies to implement their security policy as such we
> > > don't implement it.
> > 
> >   Your choice, I take patches for mach specific authentication
> > but only if they don't modify the current behaviour on other platforms.
> I tried to make my patch as conservative as possible: it fixes the
> case where LOCAL_CRED is not supported by the underlying OS.

  I know. But if you want to use a patch based on capacity support from
Mach, I would take it. BTW I don't understand I though HURD used l4 now
so I'm suprized to see Mach resurfacing (I worked with Mach-3.0 in the
early nineties, I would not say I kept a good opinion of it).

> >   Your patch sounds acceptable to me but I'm not on one of the affected
> > platforms, so I asked for a public check.
> Linux and, I think, the various BSDs all support LOCAL_CRED.  Which
> other platforms did you have in mind?

  I'm not exclusive, but inclusive. You're touching a default behaviour
so those can't just be listed, examples coming to mind are the various AIXes,
MacOS X, HP-UX for example.


Daniel Veillard      | Red Hat Desktop team
veillard redhat com  | libxml GNOME XML XSLT toolkit | Rpmfind RPM search engine

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]