Skip site navigation (1) Skip section navigation (2)

Re: Security choices...

From: Malcolm Beattie <mbeattie(at)sable(dot)ox(dot)ac(dot)uk>
To: Philip Warner <pjw(at)rhyme(dot)com(dot)au>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Security choices...
Date: 2000-07-28 20:53:34
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Philip Warner writes:
> At 12:25 28/07/00 -0400, Tom Lane wrote:
> >Philip Warner <pjw(at)rhyme(dot)com(dot)au> writes:
> >> Is there any reason that a security model does not exist for psql that
> >> allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
> >> but any user trying to log on as someone other than themselves has to
> >> provide a password?
> >
> >Define "log in as themselves" --- in particular, how will you check?
> I was thinking (in a very blinkered way) of client processes on the same
> machine as the postmaster. Admitedly, I had not considered network access etc.
> Even in this limited form, it does not seem too bad; is there a way the
> postmaster can tell (a) the client is on the same machine, and (b) what the
> process username is?

You can tell whether someone is connecting via a Unix domain
socket (client on same machine) or an Internet domain socket
(remote machine or someone using localhost loopback or similar
for some reason). If it's a Unix domain socket then modern Unices
usually provide a way to find out who (i.e. the uid/gid which can
then be mapped to a username/groupname). The problem is that there's
no standard API to do so. Some ways need the cooperation of the
client to send a special "tell the peer who I am" thingy (SCM_CRED
message); some ways don't (Linux getsockopt SO_PEER_CRED and the
STREAMS way). I submitted an example patch (using the simple Linux
API) a month or few back to implement "only let username connect to
own database" but it wasn't accept or worked on because of lack of
portability. On the plus side, I found a Linux kernel bug in that
area (socketpair sockets didn't initialise SO_PEER_CRED) so I got
one bug fix patch accepted out of it :-)


Malcolm Beattie <mbeattie(at)sable(dot)ox(dot)ac(dot)uk>
Unix Systems Programmer
Oxford University Computing Services

In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2000-07-28 22:10:11
Subject: bufmgr and smgr don't talk to each other, apparently
Previous:From: hstengerDate: 2000-07-28 20:14:49
Subject: Re: Automatically ROLLBACK after fall in *ABORT STATE*

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group