Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] SSL over Unix-domain sockets

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Date: 2008-01-17 16:35:58
Message-ID: 478F83EE.3090904@dunslane.net (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches

Tom Lane wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
>   
>> Peter Eisentraut wrote:
>>     
>>> How does that prevent spoofing?
>>>       
>
>   
>> It creates a lock file that is the same name as the socket file that a
>> default-configured client would use, so it prevents a spoofed socket
>> from being created.
>>     
>
> Only if the attacker didn't get there first.  I think this idea is
> nothing but a crude kluge anyway...
>
>   

I agree. I remain of the opinion that this is not a problem than can be 
solved purely within the bounds of postgres.

cheers

andrew

In response to

Responses

pgsql-hackers by date

Next:From: Joshua D. DrakeDate: 2008-01-17 16:37:55
Subject: Re: proposal for 8.4: PL/pgSQL - statement CASE
Previous:From: Tom LaneDate: 2008-01-17 16:31:40
Subject: Re: [HACKERS] SSL over Unix-domain sockets

pgsql-patches by date

Next:From: Kevin GrittnerDate: 2008-01-17 16:44:16
Subject: Re: OUTER JOIN performance regression remains in8.3beta4
Previous:From: Tom LaneDate: 2008-01-17 16:31:40
Subject: Re: [HACKERS] SSL over Unix-domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group