Quick Links

Re: Spoofing as the postmaster

From:	Peter Eisentraut <peter_e(at)gmx(dot)net>
To:	pgsql-hackers(at)postgresql(dot)org
Cc:	Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject:	Re: Spoofing as the postmaster
Date:	2007-12-22 15:44:16
Message-ID:	200712221644.18160.peter_e@gmx.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Bruce Momjian wrote:
> The fundamental problem is that because we don't require root, any user's
> postmaster or pretend postmaster is as legitimate as anyone else's. SSL
> certificates add legitimacy checks for TCP, but not for unix domain
> sockets.

Wouldn't SSL work over Unix-domain sockets as well? The API only deals with
file descriptors.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Spoofing as the postmaster at 2007-12-22 14:25:05 from Bruce Momjian

Responses

Re: Spoofing as the postmaster at 2007-12-22 15:55:06 from Andrew Dunstan
Re: Spoofing as the postmaster at 2007-12-22 18:04:47 from Tom Lane
Re: Spoofing as the postmaster at 2007-12-22 19:03:54 from Marko Kreen

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Andrew Dunstan	2007-12-22 15:55:06	Re: Spoofing as the postmaster
Previous Message	D'Arcy J.M. Cain	2007-12-22 15:04:19	Re: Spoofing as the postmaster