Re: [gamin] socket credentials patch for NetBSD

On Wed, Aug 31, 2005 at 06:41:54PM -0400, Johnny C. Lam wrote:
> Daniel Veillard wrote:
> >
> >  Changing the protocol on NetBSD where it doesn't work currently is fine,
> >but breaking the protocol API without added value (the pid, gid are 
> >trivially
> >spoofable so this doesn't add any security on Linux at least, while making
> >the code paths more complex) is not IMHO acceptable. I prefer to keep
> >the Linux and FreeBSD code as-is, still send a nul byte around and keep
> >the compatibility, it's inforamtion we can't trust anyway. The problem
> >of changing the API is that if you upgrade, kill the server or restart any
> >client then there is a protocol mismatch. Having a special protocol for
> >OS lacking secure local socket infrastructure is a workaround, I'm okay 
> >with this but not with generalizing the case. 
> I would actually like to do this a bit better.
> I've taken another look through the gamin sources, and it looks like the 
> client doesn't actually care about the server's PID, and the server 
> wants to know the client's PID because it uses it as a unique label to 
> identify the client.  Moreover, the server only uses the PID when 
> printing debugging messages.  Thus it seems that we could use something 
> else it its place in the connection and listener structures, e.g. a 
> unique int32_t integer in place of a pid_t.  Therefore, I shouldn't even 
> need to push the PID through the socket on NetBSD -- I can just push 
> NULs back and forth as before, but have the credential-checking routines 
> generate a unique int32_t label in place of the PID for storage.  This 
> would allow keeping the exact same protocol for all platforms.
> Do you see anything wrong with my understanding/reasoning?

  The fact it won't change the protocol sounds good. I don't understand your
unique ID idea, it won't solve the lack of authentification.

> If not, I'd like to change the name of the "pid" and "pidname" fields in 
> various structs to be "id" and "idname", and change the routines that 
> {get,set}_{pid,pidname} to be {get,set}_{id,idname}.  This would reflect 
> the fact that those aren't necessarily PIDs and pid-to-name strings, 
> though I would keep it that way on Linux and FreeBSD where that 
> information is easily discovered.
> Would that be okay?

  I don't understand the rationale. Why do you try to mix semantic changes
with what should be a patch to Just Make It Work on your platform. I would
really prefer a patch which ensure functional behaviour on FreeBSD from you,
then we can discuss if framework changes are really needed. I'm not opposed
to change the function names, I dislike that being mixed with what should 
be primarily a portability patch.


Daniel Veillard      | Red Hat Desktop team
veillard redhat com  | libxml GNOME XML XSLT toolkit | Rpmfind RPM search engine

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]