Re: refusing connections based on load ...

From: The Hermit Hacker <scrappy(at)hub(dot)org>
To: Ian Lance Taylor <ian(at)airs(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: refusing connections based on load ...
Date: 2001-04-24 04:23:41
Message-ID: Pine.BSF.4.33.0104240122060.4451-100000@mobile.hub.org
Lists: pgsql-hackers

On 23 Apr 2001, Ian Lance Taylor wrote:

> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>
> > On Linux and BSD it seems to be more common to put /dev/kmem into a
> > specialized group "kmem", so running postgres as setgid kmem is not so
> > immediately dangerous.  Still, do you think it's a good idea to let an
> > attacker have open-ended rights to read your kernel memory?  It wouldn't
> > take too much effort to sniff passwords, for example.
>
> On Linux you can get the load average by doing `cat /proc/loadavg'.
> On NetBSD you can get the load average via a sysctl.  On those systems
> and others the uptime program is neither setuid nor setgid.

Good call ... FreeBSD has it also, and needs no special privileges ...
just checked, and the sysctl command isn't setuid/setgid anything, so I'm
guessing that using sysctl() to pull these values shouldn't create any
security issues on those systems that support it ?
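
The unprivileged approach discussed in this message, as an added example that is not part of the original e-mail or of PostgreSQL's code: it reads the load average from /proc/loadavg on Linux and through getloadavg(3) elsewhere (on the BSDs that call is backed by sysctl), with no setuid or setgid bit and no access to /dev/kmem. The function names, the 4.0 threshold and the refuse policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse the three averages from /proc/loadavg-style text, e.g.
 * "0.42 0.36 0.30 1/123 4567". Returns 0 on success, -1 if a field is
 * missing, negative, NaN, or has junk glued to the number. */
int parse_loadavg(const char *text, double avg[3])
{
    for (int i = 0; i < 3; i++) {
        char *end;
        avg[i] = strtod(text, &end);
        if (end == text || !(avg[i] >= 0.0) ||
            (*end != ' ' && *end != '\n' && *end != '\0'))
            return -1;
        text = end;
    }
    return 0;
}

/* Read the load averages with no privilege beyond an ordinary user's. */
int read_loadavg(double avg[3])
{
#ifdef __linux__
    char buf[128];
    FILE *f = fopen("/proc/loadavg", "r");
    if (f == NULL) return -1;
    char *line = fgets(buf, sizeof buf, f);
    fclose(f);
    return line != NULL ? parse_loadavg(buf, avg) : -1;
#else
    return getloadavg(avg, 3) == 3 ? 0 : -1;  /* sysctl-backed on the BSDs */
#endif
}

/* Hypothetical policy: refuse when the 1-minute average exceeds max_load. */
int should_refuse(const double avg[3], double max_load)
{
    return avg[0] > max_load;
}

int main(void)
{
    double avg[3];
    /* Bail out if started setuid/setgid: this path never needs it. */
    if (geteuid() != getuid() || getegid() != getgid() || read_loadavg(avg) != 0)
        return 1;
    printf("1-min load %.2f: %s\n", avg[0], should_refuse(avg, 4.0) ? "refuse" : "accept");
    return 0;
}
```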
