Re: [gamin] socket credentials: necessary?

On Tue, Jun 07, 2005 at 02:42:40PM +0100, Neal H. Walfield wrote:
> >   I'm not exclusive, but inclusive. You're touching a default behaviour
> > so those can't just be listed, examples coming to mind are the various AIXes,
> > MacOS X, HP-UX for example.
> This is the point I don't understand: the patch only fixes what the
> Gamin claims to already do, i.e. support systems without LOCAL_CRED.
> If a system does not have LOCAL_CRED defined but does have the
> cmsgcred structure then Gamin will not work on that system at all.

  Well the patch actually trash the authentication on Linux. HAVE_CMSGCRED
is not defined, so we end up with lack_creds == 0 and as a result, socket
credentail are not even tested and c_pid is set to getuid() whicn also
mean all the debugging infrastructure can't report the PID of the target
process anymore. This is fairly bad since this ended up in 0.1.1 and
now I have 1/ a potential security problems and 2/ a broken debugging
infrastructure. I reverted the patch in CVS


Daniel Veillard      | Red Hat Desktop team
veillard redhat com  | libxml GNOME XML XSLT toolkit | Rpmfind RPM search engine

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]