Re: [gamin] socket credentials patch for NetBSD

From: "Johnny C. Lam" <jlam NetBSD org>
To: veillard redhat com
Cc: gamin-list gnome org
Subject: Re: [gamin] socket credentials patch for NetBSD
Date: Fri, 02 Sep 2005 11:30:10 -0400

Daniel Veillard wrote:

On Thu, Sep 01, 2005 at 12:54:18PM -0400, Johnny C. Lam wrote:
Please correct me if I'm wrong, but it looked like the extent of theauthentication that gamin does is that the server and the clientmutually check that the process at the other end of the socket sharesthe same UID as itself. Since we can easily get this information on allof Linux, FreeBSD, NetBSD, OpenBSD, and BSD/OS, it's easy to make gaminwork on all of those platforms with the same "strength of authentication".
 The problem is to get it in a trusted way. Your initial patch was basically
believing informations sent from the client, and to me you can't trust those.

No, the initial patch and the next one got the actual credentials thatgamin uses (UID) in the same way. Actually, it's gotten in the same wayacross all the platforms -- from the kernel. The only difference isthat the initial patch pulled the PID info from the socket, but that'snot really credential information -- it's actually debugging information.

  We disagree on the importance of the debugging information.

We're not disagreeing. In fact, I agree with you! I was just askingwhether my understanding of how the PID information was used by gaminwas correct, which you confirmed.

  again non-conditionalized platform changes, you change data for all OSes
You may submit later a second patch explaining why this would need to be
changed, but I don't want to see this as part of a "make gamin work on NetBSD"
patch.

Okay, that's fine. This is your project, and I'll comply with yourrules. I do have access to all three platforms under discussion(NetBSD, FreeBSD, and Linux), and I did test on all three beforesubmitting my patches. However, to honor your wishes, I'll submit twoseparate patches: one with "#ifdef NetBSD" that adds only support forNetBSD, and another that consolidates the code for all three platformsso that differences are minimal.


	Cheers,

	-- Johnny Lam <jlam NetBSD org>

Follow-Ups:
- Re: [gamin] socket credentials patch for NetBSD
  - From: Daniel Veillard

References:
- Re: [gamin] socket credentials patch for NetBSD
  - From: Daniel Veillard
- Re: [gamin] socket credentials patch for NetBSD
  - From: Johnny C. Lam
- Re: [gamin] socket credentials patch for NetBSD
  - From: Daniel Veillard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]