Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets
Date: 2001-08-19 01:37:19
Message-ID: 200108190137.f7J1bKS08322@candle.pha.pa.us
Lists: pgsql-patches

> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > Since this patch overwrites the previous SO_PEERCRED patch I assume you
> > want it to work on Linux, too. On Linux SCM_CREDS is called
> > SCM_CREDENTIALS.
>
> Overwrite? It looks like an addition to me. I think the #ifdef tests
> in ident_unix are in the wrong order, however: we should prefer
> SO_PEERCRED if available, since that works with old clients. As written
> the postmaster code will select SCM_CREDS if both methods are available,
> which is the wrong choice IMHO.

Yes, but I mentioned PEERCRED is new in 7.2 and wasn't widely
distributed by Debian, so we should decide which we want first. Also,
let me mention that this could turn out to be a portability headache.
We currently support two SCM_CRED implementations, FreeBSD and BSD/OS,
and they are both different. I found:

Linux : SO_PEERCRED
FreeBSD: SCM_CREDS
BSD/OS: SCM_CREDS (different from FreeBSD)
NetBSD: LOCAL_CREDS
Solaris: Doors

from a 1999 message:

http://cert.uni-stuttgart.de/archive/bugtraq/1999/01/msg00098.html

I also found this mention:

BSD/OS, FreeBSD and other BSD derived operating systems also
have SCM_CREDS that sends credential information through a UNIX
domain socket. [ Ok, someone point me to some standard that
documents the semantics. Every BSD camp is doing it differently
":( ]

in a 1999 FAQ:

http://www.attrition.org/~modify/texts/unix/secure-faq.txt

I am slightly concerned that a platform will define SCM_CREDS but not
have an interface we support. However, from the list above, it seems we
may be safe but not support NetBSD or Solaris versions.

FYI, this email states why BSD/OS and FreeBSD are different. The
implementor didn't know of the BSD/OS implementation:

http://groups.google.com/groups?q=scm_creds+freebsd+bsd/os&hl=en&safe=off&rnum=1&selm=6n5vnk%24p5k%242%40apakabar.cc.columbia.edu

I think this is a valuable feature to reduce the need to configure local
users as 'trust' or use 'ident' on local tcp/ip sockets. One possible
solution would be to enable SCM_CREDS _only_ on BSD/OS and FreeBSD and
wait for others to verify it works on their platforms or submit a patch.

> > The invocation
> > changes to StrNCpy look suspicious; see the comment at StrNCpy in c.h. In
> > one place you include errno.h twice.
>
> These are good points.

Removed the duplicate errno. Thanks. I checked the StrNCpy call and I
can't see the problem. I wrote the thing. Have I been away from this
too long? :-)

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
