Skip site navigation (1) Skip section navigation (2)

Re: [PATCHES] Solaris ident authentication using unix domain sockets

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Garick Hamlin <ghamlin(at)isc(dot)upenn(dot)edu>, pgsql-patches(at)postgresql(dot)org
Subject: Re: [PATCHES] Solaris ident authentication using unix domain sockets
Date: 2008-07-08 17:34:01
Message-ID: 4873A509.7050202@dunslane.net (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches

Josh Berkus wrote:
> Tom,
>
>   
>> Indeed.  If the Solaris folk feel that getupeercred() is insecure,
>> they had better explain why their kernel is that broken.  This is
>> entirely unrelated to the known shortcomings of the "ident" IP
>> protocol.
>>     
>
> The Solaris security & kernel folks do, actually.  However, there's no 
> question that TRUST is inherently insecure, and that's what people are going 
> to use if they can't get IDENT to work.
>
>   


I think I'd pose a slightly different question from Tom. Do the Solaris 
devs think that their getupeercred() is more insecure than the more or 
less equivalent calls that we are doing on Linux and *BSD for example? I 
suspect they probably don't ;-)

cheers

andrew



In response to

pgsql-hackers by date

Next:From: Simon RiggsDate: 2008-07-08 17:47:13
Subject: Re: Identifier case folding notes
Previous:From: Peter EisentrautDate: 2008-07-08 17:25:38
Subject: Identifier case folding notes

pgsql-patches by date

Next:From: Teodor SigaevDate: 2008-07-08 18:43:20
Subject: Re: [PATCHES] GIN improvements
Previous:From: Josh BerkusDate: 2008-07-08 16:35:32
Subject: Re: [PATCHES] Solaris ident authentication using unix domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group