Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 19:37:26
Message-ID: 14195.1198438646@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Peter Eisentraut wrote:
>> These services either use a protected port or a protected directory, or they
>> support SSL or something similar (SSH), or they are deprecated, as many 
>> traditional Unix services are.  If you find a service that is not covered by
>> this, then yes, you have a problem.

> It's certainly the default on my SQL Servers. And Sybase. AFAIK it's the
> default on MySQL,

Nyet.  I find this in configure.in in mysql 5.0.45 (reasonably current):

# The port should be constant for a LONG time
MYSQL_TCP_PORT_DEFAULT=3306
MYSQL_UNIX_ADDR_DEFAULT="/tmp/mysql.sock"

I see that Red Hat's RPM specfile overrides that:
	--with-unix-socket-path=/var/lib/mysql/mysql.sock
which was a decision that was taken long before I had anything to do
with it.  Note that neither the out-of-the-box default nor the
RH-modified convention appear to support multiple servers on the same
box with any degree of convenience; the server doesn't adjust the path
name depending on port number.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2007-12-23 19:40:56
Subject: Re: Spoofing as the postmaster
Previous:From: Andrew DunstanDate: 2007-12-23 15:57:17
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group