| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Kerberos includes (was Re: Port report: Fedora Core 3 x86_64) |
| Date: | 2004-12-19 23:42:11 |
| Message-ID: | 7556.1103499731@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I wrote:
>> [ concerning a discussion about Kerberos' com_err.h being in
>> /usr/include/et/ on some systems ]
> Actually, I'm wondering why we directly include com_err.h at all. At
> least in the version of <krb5.h> I have here, that file is included by
> krb5.h; so both backend/libpq/auth.c and interfaces/libpq/fe-auth.c
> compile just fine with #include <com_err.h> diked out.
After some digging in dusty old tarballs, I have learned that Kerberos 5
releases 1.0.* did indeed require a separate #include of com_err.h, but
in releases 1.1 and later krb5.h itself includes com_err.h and so
there's no need for a separate #include.
Kerberos 5 1.0.* includes serious known, never-patched vulnerabilities.
I can't believe that anyone is going to build PG 8.0 with krb5 1.0,
or that we need to be complicit in their trying to do so.
Accordingly, I think we should just avoid the whole problem of exactly
where com_err.h lives by removing the #includes for it as well as the
configure test for it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2004-12-20 00:18:45 | Re: Shared row locking |
| Previous Message | Heikki Linnakangas | 2004-12-19 21:35:02 | Re: Shared row locking |