Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Gregory Stark <stark(at)enterprisedb(dot)com>
To: "Mark Mielke" <mark(at)mark(dot)mielke(dot)cc>
Cc: "Trevor Talbot" <quension(at)gmail(dot)com>, "Tomasz Ostrowski" <tometzky(at)batory(dot)org(dot)pl>, "Magnus Hagander" <magnus(at)hagander(dot)net>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>, <pgsql-hackers(at)postgresql(dot)org>, "Bruce Momjian" <bruce(at)momjian(dot)us>, "Brendan Jurd" <direvus(at)gmail(dot)com>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-24 04:33:39
Message-ID: (view raw or whole thread)
Lists: pgsql-hackers
"Mark Mielke" <mark(at)mark(dot)mielke(dot)cc> writes:

> UNIX socket kernel credential passing was mentioned in an earlier post, but I
> didn't see it raised again. 

I mentioned getsockopt(SO_PEERCRED) which isn't the same as credential
passing. It just tells you what uid is on the other end of your unix domain

I think it's much more widespread and portable than credential passing which
was a BSD feature which allowed you to send along your kernel credentials to
another process. So you could, for example, open a file in psql then pass the
file descriptor to the backend to have the backend read directly from the

  Gregory Stark
  Ask me about EnterpriseDB's RemoteDBA services!

In response to


pgsql-hackers by date

Next:From: Mark MielkeDate: 2007-12-24 16:21:46
Subject: Re: Spoofing as the postmaster
Previous:From: Mark MielkeDate: 2007-12-24 03:57:40
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group