Josh Berkus wrote:
> Tom,
>
>
>> Indeed. If the Solaris folk feel that getupeercred() is insecure,
>> they had better explain why their kernel is that broken. This is
>> entirely unrelated to the known shortcomings of the "ident" IP
>> protocol.
>>
>
> The Solaris security & kernel folks do, actually. However, there's no
> question that TRUST is inherently insecure, and that's what people are going
> to use if they can't get IDENT to work.
>
>
I think I'd pose a slightly different question from Tom. Do the Solaris
devs think that their getupeercred() is more insecure than the more or
less equivalent calls that we are doing on Linux and *BSD for example? I
suspect they probably don't ;-)
cheers
andrew