Re: [PATCHES] Solaris ident authentication using unix domain sockets - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: [PATCHES] Solaris ident authentication using unix domain sockets
Date
Msg-id 4873A509.7050202@dunslane.net
Whole thread Raw
In response to Re: [PATCHES] Solaris ident authentication using unix domain sockets  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers

Josh Berkus wrote:
> Tom,
>
>
>> Indeed.  If the Solaris folk feel that getupeercred() is insecure,
>> they had better explain why their kernel is that broken.  This is
>> entirely unrelated to the known shortcomings of the "ident" IP
>> protocol.
>>
>
> The Solaris security & kernel folks do, actually.  However, there's no
> question that TRUST is inherently insecure, and that's what people are going
> to use if they can't get IDENT to work.
>
>


I think I'd pose a slightly different question from Tom. Do the Solaris
devs think that their getupeercred() is more insecure than the more or
less equivalent calls that we are doing on Linux and *BSD for example? I
suspect they probably don't ;-)

cheers

andrew



pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Identifier case folding notes
Next
From: Simon Riggs
Date:
Subject: Re: Identifier case folding notes