| From: | Joshua Jore <moomonk(at)daisy-chan(dot)org> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: OpenBSD Trusted Path Execution (TPE) compatibility? |
| Date: | 2001-07-06 01:16:23 |
| Message-ID: | Pine.BSO.4.33.0107052014140.21473-100000@aaieee.daisy-chan.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Nah, the restriction is only on fd 0 which isn't going to happen in reads
to real files. I've got it figured out now - unless I write some code for
PostgreSQL and don't let root own it (not run it, the postgresql user does
that) then I don't have to trust the daemon user.
Thanks for the suggestion tho. It's been an education ;-)
Josh
On Thu, 5 Jul 2001, Peter Eisentraut wrote:
> Joshua Jore writes:
>
> > Prevent execution of binaries that are in directories not owned by root
> > Prevents interpreters from reading from STDIN
> > Protect most proc info and *stat stuff
> > Strips LD_PRELOAD and LD_LIBRARY_PATH
> >
> > Is there any reason that PostgreSQL or postmaster would have a problem
> > with this
>
> You might have trouble with the second item if you're using passwords,
> since those have to come from stdin somehow. But your description is too
> vague to tell. The others shouldn't pose any problems.
>
> --
> Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Eric G. Miller | 2001-07-06 02:20:29 | Re: A PGLIB lo_export function for Win32 |
| Previous Message | Tatsuo Ishii | 2001-07-06 01:07:57 | Re: Multi-Languages support application |