
Re: Spoofing as the postmaster

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Trevor Talbot <quension(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-27 20:32:59
Lists: pgsql-hackers
Magnus Hagander wrote:
> > How expensive would it be to implement a "server_user" db open parameter
> > that would perform reverse credential passing to validate? "dbname=XXX
> > port=5432 server_user=postgres". If the server can't prove it is
> > postgres through UNIX socket credential passing, it fails. Similarly,
> Probably not very, but you should be able to achieve the same thing by
> moving the socket to a protected directory, I think?

What you are ultimately interested in is who runs a given server.  Making the 
inference that if the socket is in a directory that is currently only 
writable by a certain user implies that the user owns the server that offers 
that socket doesn't sound like a given to me.  And let's forget that it's not 
really straightforward to find out who has write access to some directory.

Peter Eisentraut
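
An added illustration of the two checks discussed in this message (not part of the original e-mail and not PostgreSQL code): on Linux, a client can ask the kernel which user offers a UNIX socket via `SO_PEERCRED`, instead of inferring it from directory permissions. The function names and the temporary listener standing in for the server are hypothetical and constructed for this example.

```python
import os
import socket
import struct
import tempfile

def peer_credentials(sock):
    """(pid, uid, gid) the kernel recorded for the other end of a UNIX socket."""
    fmt = "iII"  # struct ucred on Linux: pid_t, uid_t, gid_t
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    return struct.unpack(fmt, raw)

def server_runs_as(sock, expected_uid):
    """Direct check: is the process offering this socket running as expected_uid?"""
    return peer_credentials(sock)[1] == expected_uid

def directory_looks_protected(path, expected_uid):
    """Indirect check on mode bits only. ACLs, parent directories and earlier
    permissions are not covered, so it proves nothing about the listener."""
    st = os.stat(path)
    return st.st_uid == expected_uid and (st.st_mode & 0o022) == 0

def demo():
    """Constructed setup: a listener in a private temp directory plays the server."""
    sockdir = tempfile.mkdtemp(dir="/tmp")
    path = os.path.join(sockdir, ".s.PGSQL.5432")  # constructed socket name
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        listener.bind(path)
        listener.listen(1)
        client.connect(path)
        me = os.geteuid()
        return {
            "directory_check": directory_looks_protected(sockdir, me),
            "credential_check": server_runs_as(client, me),
            "wrong_user_rejected": not server_runs_as(client, me + 1),
        }
    finally:
        client.close()
        listener.close()
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(sockdir)

if __name__ == "__main__":
    print(demo())
```

For a connecting client, the credentials returned are those of the process that called `listen()` on the socket, as recorded by the kernel at that time.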
