| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>, Robert Watson <rwatson(at)FreeBSD(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, kris(at)obsecurity(dot)org |
| Subject: | Re: semaphore usage "port based"? |
| Date: | 2006-04-11 19:27:33 |
| Message-ID: | 200604111927.k3BJRXH26498@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
[ FreeBSD email list removed.]
I totally agree, and have added the attached documentation patch to
recommend using different users in FreeBSD jails.
---------------------------------------------------------------------------
Stephen Frost wrote:
-- Start of PGP signed section.
> * Marc G. Fournier (scrappy(at)postgresql(dot)org) wrote:
> > On Mon, 3 Apr 2006, Stephen Frost wrote:
> > >Running the Postgres instances under different uids (as you'd probably
> > >expect to do anyway if not using the jails) is probably the right
> > >approach. Doing that and using jails would probably work, just don't
> > >delude yourself into thinking that you're safe from a malicious user in
> > >one jail.
> >
> > We don't ... we put all our databases on a central database server, even
> > private ones, that nobody has shell access to ... we keep them isolated
> > ...
>
> I guess what I was trying to get at is this:
>
> Running 2 Postgres instances under FreeBSD with (or without really, but
> I guess that's more obvious) jails but with the same UID is a bad idea.
> Even if Postgres could be modified to allow this to work you're going to
> be in a position where the jail isn't really helping much except to give
> a somewhat false (in this case) sense of security. We probably
> shouldn't encourage it and in fact it's something of a nice feature that
> it breaks.
>
> The reasoning is pretty simple: if someone manages to get control of
> one of the Postgres instances they're going to be able to wreck havoc on
> the other. With different UIDs, with or without jails, this would be
> much more difficult (need to get root first).
>
> Running 2 Postgres instances under FreeBSD with jails *and* different
> UIDs is *probably* better than w/o jails but since you have to enable
> the single-instance IPC system it might not be that great of a benefit
> over a simple chroot or similar.
>
> Hope that helps...
>
> Thanks,
>
> Stephen
-- End of PGP section, PGP failed!
--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| Attachment | Content-Type | Size |
|---|---|---|
| unknown_filename | text/plain | 1.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2006-04-11 19:40:18 | Re: semaphore usage "port based"? |
| Previous Message | Greg Stark | 2006-04-11 19:00:41 | Re: Support Parallel Query Execution in Executor |