Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-22 15:44:16
Message-ID: 200712221644.18160.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Bruce Momjian wrote:
> The fundamental problem is that because we don't require root, any user's
> postmaster or pretend postmaster is as legitimate as anyone else's.  SSL
> certificates add legitimacy checks for TCP, but not for unix domain
> sockets.

Wouldn't SSL work over Unix-domain sockets as well?  The API only deals with 
file descriptors.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2007-12-22 15:55:06
Subject: Re: Spoofing as the postmaster
Previous:From: D'Arcy J.M. CainDate: 2007-12-22 15:04:19
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group