Kerberos includes (was Re: Port report: Fedora Core 3 x86_64)
| От | Tom Lane |
|---|---|
| Тема | Kerberos includes (was Re: Port report: Fedora Core 3 x86_64) |
| Дата | |
| Msg-id | 7556.1103499731@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Port report: Fedora Core 3 x86_64 (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: Kerberos includes (was Re: Port report: Fedora Core 3 x86_64)
|
| Список | pgsql-hackers |
I wrote:
>> [ concerning a discussion about Kerberos' com_err.h being in
>> /usr/include/et/ on some systems ]
> Actually, I'm wondering why we directly include com_err.h at all. At
> least in the version of <krb5.h> I have here, that file is included by
> krb5.h; so both backend/libpq/auth.c and interfaces/libpq/fe-auth.c
> compile just fine with #include <com_err.h> diked out.
After some digging in dusty old tarballs, I have learned that Kerberos 5
releases 1.0.* did indeed require a separate #include of com_err.h, but
in releases 1.1 and later krb5.h itself includes com_err.h and so
there's no need for a separate #include.
Kerberos 5 1.0.* includes serious known, never-patched vulnerabilities.
I can't believe that anyone is going to build PG 8.0 with krb5 1.0,
or that we need to be complicit in their trying to do so.
Accordingly, I think we should just avoid the whole problem of exactly
where com_err.h lives by removing the #includes for it as well as the
configure test for it.
regards, tom lane
В списке pgsql-hackers по дате отправления: