Use pathname socket for better access control.
Details
- Reviewers
ossi - Group Reviewers
Frameworks - Commits
- R241:89275d0d1450: In linux don't use abstract socket to share file descriptor
Diff Detail
- Repository
- R241 KIO
- Branch
- master
- Lint
No Linters Available - Unit
No Unit Test Coverage
Can you explain a bit more in the commit log why this is better? I guess it comes from a discussion elsewhere, but better have the info here and in git in the end.
the idea is that you can do directory-based access controls on file-based sockets, while the abstract namespace has no controls.
otoh, only linux has the abstract namespace, and it supports peer credential verification as well, so this doesn't actually add any security afaict.
arguably, the patch still makes sense from a maintenance perspective, removing a redundant code path.
fwiw, i'd re-order this patch before the other one - it makes for smaller patches to first remove code and then refactor only what's left.
not sure why; the changes are semantically separate.
my suggestion was to put this before D10273, thus reducing the latter's size.