Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>,Magnus Hagander <magnus(at)hagander(dot)net>,Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-27 22:13:57
Message-ID: 20071227221357.GI5031@tamriel.snowman.net (view raw or flat)
Thread:
Lists: pgsql-hackers
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Most Linux distros don't have SELinux, AFAIK, so this is probably not a
> very useful suggestion.  Not that I have a problem with Red-Hat-specific
> solutions ;-)

Debian also has SELinux, if one wishes to configure it.  I suspect other
Debian-derived distributions also have it as a result.  It can certainly
be a pain to configure but it's far from impossible and if an SA has
concerns such as those described, well, I'd be kind of suprised if they
weren't considering SELinux (if they're on Linux anyway).

> ... but since one of the arguments being made against
> move-the-socket is that it introduces a lot of platform-specific
> assumptions, we have to apply that same criterion to alternative
> answers.

I don't quite follow how one argues 'against' SELinux in this context
as I don't believe upstream changes would be required here.  Just a
policy configuration whereby only the postgres user can listen on port
5432.

> As far as ensuring security from the server end, what about extending
> the pg_hba.conf options to require that the server has both checked
> a client certificate and presented its own certificate?  (I'm not sure
> whether OpenSSL provides a way to determine that, though.)

It'd be really nice to be able to have client-side certificates used for
authentication by having a way to associate a certificate (or maybe at
least the DN, but you can have dups) to a user.  That's a seperate
conversation tho, really.

	Thanks,
		
		Stephen

In response to

Responses

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2007-12-27 22:19:29
Subject: Re: Spoofing as the postmaster
Previous:From: Tom LaneDate: 2007-12-27 21:57:00
Subject: Re: Archiver behavior at shutdown

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group