Hi -
> > [...] it has perfectly safe & legimitate [sic] uses, [...]
>
> I've not seen a realistic case for elevating remote privileges
> and circumventing the pmcd/DSO authentication model in this way,
> just for webapps. [...]
Here are two realistic cases, not of "circumvention" but of normal
simple use, so we all have seen them:
- A person starts a personal pmwebd daemon to monitor the system and
her own processes with a webapp; she does not have sysadmin powers
to set up sasl stuff for pmcd to use (which, remember, is far from
out-of-the-box ATM); running "pmwebd -P" lets her own credentials
pass through to pmcd without any complication
- A sysadmin wants to monitor performance counters via pmdapapi from a
webapp, which limits itself to root-authenticated clients. He
starts up a custom pmwebd daemon, protects it with a firewall so
only she can connect to it. "pmwebd -P" lets him do it securely
and without any other setup complication.
(By the way, pcp-tcp style explicit authentication is not a security
panacea; if unthrottled, it would allow remote attackers to scan the
system user database, mass-testing userid/password combinations.
pmcd with sasl setup would be even less suitable for direct exposure
to hostile networks.)
- FChE
|