Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>,Magnus Hagander <magnus(at)hagander(dot)net>,Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,Bruce Momjian <bruce(at)momjian(dot)us>,Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 16:37:41
Message-ID: 20071229163741.GM5031@tamriel.snowman.net (view raw or flat)
Thread:
Lists: pgsql-hackers
* D'Arcy J.M. Cain (darcy(at)druid(dot)net) wrote:
> > Probably the first answer is not to run postgres on a machine with 
> > untrusted users, but that's not always possible. Maybe we can't find a 
> > simple cross-platform answer, but that doesn't mean we should not look 
> > at platform-specific answers, at least for documentation.
> 
> Yes, that's what I said at the start of this discussion.  If you don't
> trust the users with actual access to the box, the rest of this is
> pretty much academic.

Academic from an upstream standpoint, but there are platform-specific /
setup-specific things you can do (SELinux, vserver/jails, Kerberos, SSL,
etc...).  Documenting it is good, but I think it should really be to the
extent of saying "look, 5432 is unprivledged, here are some ways to deal
with that" and "you should probably put the PG unix socket in a secured
directory" (though Debian and I suspect many other distributions do this
part for you).

	Enjoy,

		Stephen

In response to

pgsql-hackers by date

Next:From: Mark MielkeDate: 2007-12-29 17:34:59
Subject: Re: Spoofing as the postmaster
Previous:From: D'Arcy J.M. CainDate: 2007-12-29 15:59:20
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group