Re: Spoofing as the postmaster

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 15:38:13
Message-ID: 477669E5.9050505@dunslane.net
Lists: pgsql-hackers

D'Arcy J.M. Cain wrote:
> - 1: How does the client assure that the postmaster is legit
> - 2: How does the postmaster assure that the client is legit

And neither answers the original problem:

3. How can the sysadmin prevent a malicious local user from hijacking
the sockets if the postmaster isn't running?

Prevention is much more valuable than ex post detection, IMNSHO.

Probably the first answer is not to run postgres on a machine with
untrusted users, but that's not always possible. Maybe we can't find a
simple cross-platform answer, but that doesn't mean we should not look
at platform-specific answers, at least for documentation.

cheers

andrew
