| To: | Nathan Scott <nathans@xxxxxxxxxx> |
|---|---|
| Subject: | Re: QA fallout |
| From: | fche@xxxxxxxxxx (Frank Ch. Eigler) |
| Date: | Wed, 03 Jul 2013 23:22:48 -0400 |
| Cc: | Ken McDonell <kenj@xxxxxxxxxxxxxxxx>, pcp@xxxxxxxxxxx |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <765640910.13166047.1372897280737.JavaMail.root@xxxxxxxxxx> (Nathan Scott's message of "Wed, 3 Jul 2013 20:21:20 -0400 (EDT)") |
| References: | <1942804724.9528832.1372391371173.JavaMail.root@xxxxxxxxxx> <2012907399.12207669.1372824416573.JavaMail.root@xxxxxxxxxx> <51D3F7E2.1010304@xxxxxxxxxxxxxxxx> <765640910.13166047.1372897280737.JavaMail.root@xxxxxxxxxx> |
| User-agent: | Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux) |
Nathan Scott <nathans@xxxxxxxxxx> writes: > [...] >> Why no local changes by default? at first blush I'd expect >> allow localhost : all; >> like pmcd.conf. >> > I was a bit concerned with anyone having a local login being able to > effectively prevent the default logger from logging - that seems like > it needs to be blocked? [...] Agreed. Random local users should not be granted control/modification type privileges on a system service by default. If the pmlc<->pmlogger channel could be secured with the newfangled authentication, that'd be enough for e.g. uid=pcp or uid=root or gid=pcp to be allowed by default. Or change the pmlc<->pmlogger link to AF_UNIX, and then limit it via equivalent filesystem permissions. - FChE |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [pcp] pcp updates, Nathan Scott |
|---|---|
| Next by Date: | pcp updates, Ken McDonell |
| Previous by Thread: | Re: QA fallout (was Re: Prepare to be assimilated^Wanalysed; resistance is futile), Nathan Scott |
| Next by Thread: | pcp updates, Ken McDonell |
| Indexes: | [Date] [Thread] [Top] [All Lists] |