Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Greg Smith <gsmith(at)gregsmith(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-28 13:44:15
Message-ID: Pine.GSO.4.64.0712280804070.23189@westnet.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Thu, 27 Dec 2007, Stephen Frost wrote:

> Debian also has SELinux, if one wishes to configure it.  I suspect other 
> Debian-derived distributions also have it as a result.  It can certainly 
> be a pain to configure but it's far from impossible

That's a good summary.  As of Debian Etch (April of this year) the base 
distribution now include enough SELinux compatible userland packages for 
the fundamental utilities (ssh, svsvinit, pam, cron, some others) that you 
don't have to run around hacking a set of patches anymore just to get the 
base system working.

There is also a Hardened Gentoo with SELinux.  The most notable 
distribution where SELinux support is seriously dead is SuSE.

RHEL/Fedora are the only distributions where SELinux is taken seriously 
enough that most packages/daemons are patched and have policies setup in a 
useful state out of the box.  But with some work you can customize a 
reasonable setup on some other distributions.

--
* Greg Smith gsmith(at)gregsmith(dot)com http://www.gregsmith.com Baltimore, MD

In response to

pgsql-hackers by date

Next:From: Naz GassiepDate: 2007-12-28 15:09:23
Subject: Re: Spoofing as the postmaster
Previous:From: Peter EisentrautDate: 2007-12-28 10:55:12
Subject: Selectivity estimation for equality and range queries

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group