On Tue, Jun 07, 2005 at 12:39:48PM +0100, Neal H. Walfield wrote:
> > > The socket credential check is at best a double check and a poor one
> > > at that in particular on systems with different access control
> > > systems. Moreover, the information provided by LOCAL_CRED violates
> > > the principle of least information (i.e. it exposes information that
> > > neither the client nor the server require to sufficiently implement
> > > their security policy).
> >
> > I disagree with this.
>
> That's fine. We clearly have different ideas about how security
> mechanisms are supposed to work and how a security policy is supposed
> to be implemented.
>
> > > We think that programs never require the information that
> > > LOCAL_CRED supplies to implement their security policy as such we
> > > don't implement it.
> >
> > Your choice, I take patches for mach specific authentication
> > but only if they don't modify the current behaviour on other platforms.
>
> I tried to make my patch as conservative as possible: it fixes the
> case where LOCAL_CRED is not supported by the underlying OS.

I know. But if you want to use a patch based on capacity support from Mach,
I would take it. BTW I don't understand, I thought HURD used L4 now, so
I'm surprised to see Mach resurfacing (I worked with Mach-3.0 in the early
nineties, I would not say I kept a good opinion of it).

> > Your patch sounds acceptable to me but I'm not on one of the affected
> > platforms, so I asked for a public check.
>
> Linux and, I think, the various BSDs all support LOCAL_CRED. Which
> other platforms did you have in mind?

I'm not exclusive, but inclusive. You're touching a default behaviour
so those can't just be listed, examples coming to mind are the various AIXes,
MacOS X, HP-UX for example.

Daniel

-- 
Daniel Veillard      | Red Hat Desktop team http://redhat.com/
[EMAIL PROTECTED]    | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
