Re: Spoofing as the postmaster

From: "Marko Kreen" <markokr(at)gmail(dot)com>
To: "Peter Eisentraut" <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, "Bruce Momjian" <bruce(at)momjian(dot)us>, "Tomasz Ostrowski" <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-22 19:03:54
Message-ID: e51f66da0712221103v36ad73ecgc39e31d787067712@mail.gmail.com
Lists: pgsql-hackers
On 12/22/07, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> Bruce Momjian wrote:
> > The fundamental problem is that because we don't require root, any user's
> > postmaster or pretend postmaster is as legitimate as anyone else's. SSL
> > certificates add legitimacy checks for TCP, but not for unix domain
> > sockets.
>
> Wouldn't SSL work over Unix-domain sockets as well?  The API only deals with
> file descriptors.

For Unix sockets it should be enough to just check the server
process uid, no?

(FYI - Debian already puts the unix socket in a directory writable
only by the postgres user, so they don't have the problem.  Maybe
we should encourage distros to move away from /tmp?)

-- 
marko
