|
| Use TCP sockets. All Squid IPC would be over TCP sockets. Some
| people are uncomfortable with this. One problem is that others on
| the same host might still make connections to the stub process. I
| could bind Squid to some port before forking the the stub and have
| the stub dump connections from other ports
|
| Unix domain sockets (non blocking only?) are broken on some OS'es.
|
| FD passing may be another option, but I don't know how portable it is.
|
| Duane W.
|
Duane,
you may wish to look how the ssh-agent does this, which is by passing
FDs except that in certain cases it drops back to using a unix domain
socket (reluctantly). I haven't looked at the configuration code in
detail to see on which OSes it uses Unix domain sockets. But I do
assume that FD passing is moderately portable and more than moderately
secure except against those that have sufficient privilege to go
scrabbling through a running kernel.
Brian
Received on Tue Jul 29 2003 - 13:15:41 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:18 MST