| To: | Nathan Scott <nathans@xxxxxxxxxx> |
|---|---|
| Subject: | Re: pcp updates: lberk/marko merges, build+docs updates |
| From: | "Frank Ch. Eigler" <fche@xxxxxxxxxx> |
| Date: | Tue, 5 Jan 2016 18:32:44 -0500 |
| Cc: | pcp developers <pcp@xxxxxxxxxxx> |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <177508323.4781358.1452036255000.JavaMail.zimbra@xxxxxxxxxx> |
| References: | <805278639.3777112.1451891182627.JavaMail.zimbra@xxxxxxxxxx> <780203978.3777208.1451891272970.JavaMail.zimbra@xxxxxxxxxx> <y0mio37n8i3.fsf@xxxxxxxx> <404092777.4770722.1452032875540.JavaMail.zimbra@xxxxxxxxxx> <20160105225138.GA5695@xxxxxxxxxx> <177508323.4781358.1452036255000.JavaMail.zimbra@xxxxxxxxxx> |
| User-agent: | Mutt/1.4.2.2i |
Hi - On Tue, Jan 05, 2016 at 06:24:15PM -0500, Nathan Scott wrote: > [...] > > Here are two realistic cases, not of "circumvention" but of normal > > First case does not seem very realistic, but hmmm, *shrug*, maybe. Thanks! > The second case is just the pmdaproc case rehashed (i.e. an opt-in > pmdapapi -A option would be a far better approach, localising that > privilege elevation). Except that -A does the opposite of localization, security-wise: it disables authentication pmcd-wide, so now all other pcp clients get more privileges than they should. -A seems like a crutch. - FChE |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | pcp updates: softnet fix, docs tweak, Nathan Scott |
|---|---|
| Next by Date: | pcp updates: docs, vCPU view, kenj merge, Nathan Scott |
| Previous by Thread: | Re: pcp updates: lberk/marko merges, build+docs updates, Nathan Scott |
| Next by Thread: | Overly chatty XXX/TODO comments in PCP code, Nathan Scott |
| Indexes: | [Date] [Thread] [Top] [All Lists] |