Hi guys,
----- Original Message -----
> > [...]
> > ... so we appear to be no longer enforcing the host-based access control
> > for unix domain socket connections. I think we need to do that, in the
> > same way we did for "-h localhost", [...]
>
> Or else, have pmcd.conf or a pmcd option specify whether it is to bind
> to AF_UNIX and/or individual network interfaces at all. (For reasons
> we discussed earlier, I'm unfond of heuristics based on strings like
> "localhost".)
That would appear to not address the problem though? With these changes
we would go from having a mechanism for local host access control to not
having one, silently, and thats a problem. How local host is identified
is indeed a(nother) problem; but no matter how its identified, no amount
of on/off switching for af_unix/inet sockets is going to address the root
cause.
I too am unfond of the localhost heuristics, and the mapping localhost to
an interface is a bit wierd IMO. We may need to extend the access control
parsing to separate out "localhost" from "unix" ... I think that would be
OK, but keen to hear other peoples thoughts though, hopefully there are
other, betterer ways?
> > as others may not think so (can we control local pmcd
> > over-subscription without this?).
>
> How is over-subscription related?
We currently have a way to say "only members of group 'staff' can pmFetch"
(so, e.g. users of group 'students' cannot over-subscribe pmcd resources
by performing large metric value fetches every 2msec). With the changes
as they currently stand we would lose that protection.
cheers.
--
Nathan
|