| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | David Fetter <david(at)fetter(dot)org> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Sanity checking for ./configure options? |
| Date: | 2016-02-26 14:43:54 |
| Message-ID: | 31723.1456497834@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Fetter <david(at)fetter(dot)org> writes:
> On Fri, Feb 26, 2016 at 04:55:23PM +0530, Robert Haas wrote:
>> On Wed, Feb 24, 2016 at 4:01 AM, David Fetter <david(at)fetter(dot)org> wrote:
>>> I'm thinking that both the GUC check and the configure one should
>>> restrict it to [1024..65535].
>> Doesn't sound like a good idea to me. If somebody has a reason they
>> want to do that, they shouldn't have to hack the source code and
>> recompile to make it work.
> I'm not sure I understand a use case here.
> On *n*x, we already disallow running as root pretty aggressively,
> using the "have to hack the source code and recompile" level of effort
> you aptly described. This is just cleanup work on that project, as I
> see it.
> What am I missing?
You're assuming that every system under the sun prevents non-root
processes from opening ports below 1024. I do not know if that's
true, and even if it is, it doesn't seem to me that it's our job
to enforce it. I agree with Robert --- restricting to [1,65535]
is plenty good enough.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-02-26 14:50:38 | Re: get current log file |
| Previous Message | Shulgin, Oleksandr | 2016-02-26 14:41:07 | Re: [PATH] Correct negative/zero year in to_date/to_timestamp |