Re: [HACKERS] SSL over Unix-domain sockets

Alvaro Herrera wrote:
> > I'm not sure tmp cleaners will work that well against a determined spoofer.
>
> I don't understand. The tmp cleaner is something we have to _avoid_.
> Let me repeat my proposal.
>
> I propose to create a dangling symlink on system startup in
> /tmp/.s.PGSQL.<port> to the real socket, which is not on a

I am confused because you say "dangling" then you say "to the real
socket". You are saying it isn't dangling when the server is running?

> world-writable directory. This avoids the spoofer, because he cannot
> create the socket -- the symlink is occupying its place.
>
> The only problem with this proposal is that the tmp cleaner would remove
> the symlink. The solution to this is to configure the tmp cleaner so
> that it doesn't do that.
>
> It absolutely requires cooperation from the sysadmin, both to setup the
> symlink initially, and to configure the tmp cleaner.

If you are going to require the admin to modify the tmp cleanup script,
the admin might as well create the symlink at the same time and have it
recreate on boot. We could actually just document this idea and be done
with it.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +