| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-29 16:37:41 |
| Message-ID: | 20071229163741.GM5031@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* D'Arcy J.M. Cain (darcy(at)druid(dot)net) wrote:
> > Probably the first answer is not to run postgres on a machine with
> > untrusted users, but that's not always possible. Maybe we can't find a
> > simple cross-platform answer, but that doesn't mean we should not look
> > at platform-specific answers, at least for documentation.
>
> Yes, that's what I said at the start of this discussion. If you don't
> trust the users with actual access to the box, the rest of this is
> pretty much academic.
Academic from an upstream standpoint, but there are platform-specific /
setup-specific things you can do (SELinux, vserver/jails, Kerberos, SSL,
etc...). Documenting it is good, but I think it should really be to the
extent of saying "look, 5432 is unprivledged, here are some ways to deal
with that" and "you should probably put the PG unix socket in a secured
directory" (though Debian and I suspect many other distributions do this
part for you).
Enjoy,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Mielke | 2007-12-29 17:34:59 | Re: Spoofing as the postmaster |
| Previous Message | D'Arcy J.M. Cain | 2007-12-29 15:59:20 | Re: Spoofing as the postmaster |