On 23 Apr 2001, Ian Lance Taylor wrote:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> > On Linux and BSD it seems to be more common to put /dev/kmem into a
> > specialized group "kmem", so running postgres as setgid kmem is not so
> > immediately dangerous. Still, do you think it's a good idea to let an
> > attacker have open-ended rights to read your kernel memory? It wouldn't
> > take too much effort to sniff passwords, for example.
> On Linux you can get the load average by doing `cat /proc/loadavg'.
> On NetBSD you can get the load average via a sysctl. On those systems
> and others the uptime program is neither setuid nor setgid.
Good call ... FreeBSD has it also, and needs no special privileges ...
just checked, and the sysctl command isn't setuid/setgid anything, so I'm
guessing that using sysctl() to pull these values shouldn't create any
security issues on those systems that support it?
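
Added example (not part of the original message and not PostgreSQL code): an unprivileged load check on Linux that reads `/proc/loadavg` with an ordinary `fopen()`, so the server binary needs no setgid kmem bit. The function names, the sanity bound and the 4.0 threshold are assumptions chosen for illustration.

```c
#include <stdio.h>
#define LOADAVG_PATH "/proc/loadavg"   /* Linux; world-readable, no kmem access */
#define LOAD_SANITY_MAX 1.0e6          /* assumed upper bound used to reject junk */

/* Parse a /proc/loadavg line: "1min 5min 15min running/total lastpid".
 * Returns 0 and fills avg[3] on success, -1 on malformed input. */
int parse_loadavg(const char *line, double avg[3])
{
    double v[3];
    if (line == NULL || sscanf(line, "%lf %lf %lf", &v[0], &v[1], &v[2]) != 3)
        return -1;
    for (int i = 0; i < 3; i++)
        if (!(v[i] >= 0.0 && v[i] <= LOAD_SANITY_MAX))  /* also rejects NaN */
            return -1;
    for (int i = 0; i < 3; i++)
        avg[i] = v[i];
    return 0;
}

/* 1 = 1-minute load above max_load, 0 = at or below, -1 = could not tell.
 * The caller decides what "could not tell" means for admitting a connection. */
int load_exceeds(const char *line, double max_load)
{
    double avg[3];
    if (parse_loadavg(line, avg) != 0)
        return -1;
    return avg[0] > max_load ? 1 : 0;
}

/* Read the live value with a plain fopen(); needs no setuid/setgid bit. */
int read_loadavg_line(char *buf, size_t len)
{
    FILE *f = fopen(LOADAVG_PATH, "r");
    if (f == NULL)
        return -1;
    char *ok = fgets(buf, (int)len, f);
    fclose(f);
    return ok ? 0 : -1;
}

int main(void)
{
    char line[128];
    const char *sample = "5.50 3.00 1.00 2/100 4242\n";  /* constructed sample */
    printf("sample: exceeds 4.0? %d\n", load_exceeds(sample, 4.0));
    if (read_loadavg_line(line, sizeof line) == 0)
        printf("live: exceeds 4.0? %d, from %s", load_exceeds(line, 4.0), line);
    return 0;
}
```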