| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Garick Hamlin <ghamlin(at)isc(dot)upenn(dot)edu>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: [PATCHES] Solaris ident authentication using unix domain sockets |
| Date: | 2008-07-08 17:34:01 |
| Message-ID: | 4873A509.7050202@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Josh Berkus wrote:
> Tom,
>
>
>> Indeed. If the Solaris folk feel that getupeercred() is insecure,
>> they had better explain why their kernel is that broken. This is
>> entirely unrelated to the known shortcomings of the "ident" IP
>> protocol.
>>
>
> The Solaris security & kernel folks do, actually. However, there's no
> question that TRUST is inherently insecure, and that's what people are going
> to use if they can't get IDENT to work.
>
>
I think I'd pose a slightly different question from Tom. Do the Solaris
devs think that their getupeercred() is more insecure than the more or
less equivalent calls that we are doing on Linux and *BSD for example? I
suspect they probably don't ;-)
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2008-07-08 17:47:13 | Re: Identifier case folding notes |
| Previous Message | Peter Eisentraut | 2008-07-08 17:25:38 | Identifier case folding notes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Teodor Sigaev | 2008-07-08 18:43:20 | Re: [PATCHES] GIN improvements |
| Previous Message | Josh Berkus | 2008-07-08 16:35:32 | Re: [PATCHES] Solaris ident authentication using unix domain sockets |