| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-29 19:20:31 |
| Message-ID: | 12260.1198956031@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Mark Mielke <mark(at)mark(dot)mielke(dot)cc> writes:
> What has come out for me is that this isn't UNIX socket specific at all
> (although there may be UNIX socket specific options available). The
> standard PostgreSQL port is above 1024, and anybody could
> bind()/listen()/accept() on it, assuming it is not running.
Right. The real bottom line is that a socket in /tmp is exactly as
secure as a localhost TCP port. There is no value in debating moving
the default socket location unless you are prepared to also relocate
the default port to below 1024 (and even that helps only on Unix-y
platforms).
I remain of the opinion that what we should do about this is support
SSL usage over sockets and document the issues.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Smith | 2007-12-29 19:40:29 | Re: Spoofing as the postmaster |
| Previous Message | Tom Lane | 2007-12-29 19:16:19 | Re: Spoofing as the postmaster |