Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] SSL over Unix-domain sockets

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Date: 2008-01-18 02:24:26
Message-ID: 200801180224.m0I2OQh25950@momjian.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Tom Lane wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
> > I am confused because you say "dangling" then you say "to the real
> > socket".  You are saying it isn't dangling when the server is running?
> 
> Exactly.  When the server is running it provides a perfectly good path
> to the postmaster.  The point (and the main difference from your PIDfile
> proposal) is that it's supposed to be there all the time, even when the
> postmaster isn't running.  This is what provides protection against the
> spoofer getting there first.

OK, got it.

> > If you are going to require the admin to modify the tmp cleanup script,
> > the admin might as well create the symlink at the same time and have it
> > recreate on boot.
> 
> No, that's not the same, because it doesn't provide protection against
> the symlink getting deleted later on.

Right, so you have to modify the tmp cleaner and create the symlink, right?

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

In response to

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2008-01-18 02:42:05
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Previous:From: Tom LaneDate: 2008-01-18 02:21:19
Subject: Re: [HACKERS] SSL over Unix-domain sockets

pgsql-patches by date

Next:From: Andrew DunstanDate: 2008-01-18 02:42:05
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Previous:From: Tom LaneDate: 2008-01-18 02:21:19
Subject: Re: [HACKERS] SSL over Unix-domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group