Re: SSL over Unix-domain sockets

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: SSL over Unix-domain sockets
Date: 2008-01-04 17:57:28
Message-ID: 200801041757.m04HvSw05537@momjian.us
Lists: pgsql-hackers pgsql-patches

Magnus Hagander wrote:
> Bruce Momjian wrote:
> > Peter Eisentraut wrote:
> >> On Friday, 4 January 2008, Bruce Momjian wrote:
> >>> Peter Eisentraut wrote:
> >>>> Using the attached patch, SSL will act over Unix-domain sockets. AFAICT,
> >>>> this just works. I didn't find a way to sniff a Unix-domain socket,
> >>>> however.
> >>>>
> >>>> How should we proceed with this?
> >>> I am confused by the shortness of this patch. Right now pg_hba.conf
> >>> has:
> >>>
> >>> # host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
> >>> # hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
> >>> # hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
> >>>
> >>> These are all for TCP connections. How do we handle 'local' SSL
> >>> connection specification? Do we want to provide similar functionality
> >>> for local connections?
> >> Yes, we might want to add that as well. That and some documentation updates
> >> would probably cover everything.
> >
> > OK. Right now the documentation about spoofing says to use directory
> > permissions for the socket, and that works. I am thinking this is
> > something for 8.4.
>
> Actually, if you just commit that patch *without* pg_hba modifications,
> it still solves the problem stated, no? Because the client can be
> configured to require ssl and to require server certificate validation,
> and that's the hole we're trying to plug here...

Yes, it would plug the hole without fully implementing SSL control on
local sockets. However, the hole is already plugged by using directory
permissions so I question the need for a partial solution at this point
in 8.3.

At this point in 8.3 I think we have to ask if we would make such a
change in a minor release, and I don't think we would.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
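
The directory-permission protection referred to in this message, sketched as an added example that is not part of the original post or of PostgreSQL's code: it walks from the socket directory up to the filesystem root and reports every directory where another local user could create or swap the socket name. The function names are hypothetical, and treating only root and the server's uid as trusted (and all group members as untrusted) is an assumption.

```python
import os
import stat


def dir_problems(mode, owner_uid, trusted_uids, is_socket_dir):
    """Reasons this directory lets an untrusted user plant or swap the socket."""
    problems = []
    if owner_uid not in trusted_uids:
        problems.append("owned by untrusted uid %d" % owner_uid)
    writable = mode & (stat.S_IWGRP | stat.S_IWOTH)
    sticky = mode & stat.S_ISVTX
    if writable and is_socket_dir:
        # The sticky bit does not help here: while the real server is down,
        # any user may still create the socket name first (the /tmp case).
        problems.append("socket directory is group/other-writable")
    elif writable and not sticky:
        # Without the sticky bit a writer can rename the child directory
        # and put a directory of their own in its place.
        problems.append("ancestor is group/other-writable without sticky bit")
    return problems


def audit_socket_dir(socket_dir, server_uid):
    """Return (path, problem) pairs for socket_dir and each of its ancestors."""
    trusted = {0, server_uid}  # assumption: only root and the server account
    findings = []
    path = os.path.realpath(socket_dir)
    is_socket_dir = True
    while True:
        st = os.stat(path)
        for problem in dir_problems(st.st_mode, st.st_uid, trusted, is_socket_dir):
            findings.append((path, problem))
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            break
        path, is_socket_dir = parent, False
    return findings


if __name__ == "__main__":
    import sys
    # Usage: script.py SOCKET_DIR SERVER_UID
    for where, problem in audit_socket_dir(sys.argv[1], int(sys.argv[2])):
        print("%s: %s" % (where, problem))
```
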
