[Opendnssec-develop] Again: Sharing PIN through POSIX message queues

Rick van Rein rick at openfortress.nl
Wed Aug 10 19:17:44 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

> I've been looking through the POSIX mq_ documentation, and cannot find the
> process identifier back.  That means that the mileage of this approach may
> vary with the platform.  (But now that OpenDNSSEC is ported to Windows, I
> suppose that is a basic issue underpinning OpenDNSSEC security anyway!)

Apparently, there are two API function sets to access queues.  That's the
nice thing about standards -- if you don't like today's version you can
always wait for next year's to come 'rond.

POSIX appears to be a closed spec[*] (way to go, IEEE) but online docs do
give me the impression that the process-id based authentication mechanism
would work in general on POSIX systems:

http://pubs.opengroup.org/onlinepubs/9699919799/

I must say I've yet to find a system that doesn't implement IPC.  Didn't
try Windows though... but since this is an option for security-conscious
users that hardly matters?

So, mileage does not seem to vary at all.  What I sent is indeed an approach
that should port wonderfully to all POSIX systems.


Cheers,
 -Rick

[*] Interesting side-note: The formal spec for electric installations in
    the Netherlands, namely NEN 1010, is also a closed spec.  Its status
    as an enforced spec (part of laws, etc.) is currently under attack as 
    invalid because it is not open.  Since we are all supposed to know
    the Dutch laws, they should be freely available to all.  Love it :)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: New to PGP? http://openfortress.nl/doc/essay/OpenPGP/index.nl.html

iD8DBQFOQtlYFBGpwol1RgYRAgwcAJ0V/P/UH0iSO6h5Xv87mpAwzQZr8QCeL4CL
tBFIhNasMGuMtGRM2LvMhc0=
=36X1
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list