| From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: abstract Unix-domain sockets |
| Date: | 2020-11-09 15:58:06 |
| Message-ID: | 3d24b59c-3e35-1dd0-763b-5f65e1d89422@proxel.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/9/20 9:04 AM, Peter Eisentraut wrote:
> On 2020-11-09 07:08, Michael Paquier wrote:
>> As abstract namespaces don't have permissions, anyone knowing the name
>> of the path, which should be unique, can have an access to the server.
>> Do you think that the documentation should warn the user about that?
>> This feature is about easing the management part of the socket paths
>> while throwing away the security aspect of it.
>
> We could modify the documentation further. But note that the
> traditional way of putting the socket into /tmp has the same properties,
> so this shouldn't be a huge shock.
One issue with them is that they interact differently with kernel
namespaces than normal unix sockets do. Abstract sockets are handled by
the network namespaces, and not the file system namespaces. But I am not
sure that this is our job to document.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-11-09 15:58:27 | Re: -O switch |
| Previous Message | Dmitry Dolgov | 2020-11-09 15:47:43 | Re: remove spurious CREATE INDEX CONCURRENTLY wait |