From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Trevor Talbot <quension(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com> |
Subject: | Re: Spoofing as the postmaster |
Date: | 2007-12-27 20:32:59 |
Message-ID: | 200712272133.02327.peter_e@gmx.net |
Lists: | pgsql-hackers |
Magnus Hagander wrote:
> > How expensive would it be to implement a "server_user" db open parameter
> > that would perform reverse credential passing to validate? "dbname=XXX
> > port=5432 server_user=postgres". If the server can't prove it is
> > postgres through UNIX socket credential passing, it fails. Similarly,
>
> Probably not very, but you should be able to achieve the same thing by
> moving the socket to a protected directory, I think?

What you are ultimately interested in is who runs a given server. Making the
inference that if the socket is in a directory that is currently only
writable by a certain user implies that the user owns the server that offers
that socket doesn't sound like a given to me. And let's forget that it's not
really straightforward to find out who has write access to some directory.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
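
The check the quoted "server_user" proposal describes, as an added example (not code from this thread or from PostgreSQL): on Linux the client asks the kernel through `SO_PEERCRED` which user the server behind a Unix socket runs as, rather than inferring it from directory permissions. The names `peer_credentials`, `connect_requiring_uid` and `ServerIdentityError` are hypothetical.

```python
import os
import socket
import struct
import tempfile

class ServerIdentityError(Exception):
    """The process behind the socket does not run as the expected user."""

def peer_credentials(sock):
    """Return (pid, uid, gid) of the peer as recorded by the kernel (Linux)."""
    fmt = "iII"  # struct ucred: pid_t, uid_t, gid_t
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(fmt))
    return struct.unpack(fmt, raw)

def connect_requiring_uid(path, expected_uid):
    """Connect to a Unix socket, refusing to talk unless its owner matches.

    For a listening socket the kernel reports the credentials of the process
    that called listen(), so the check does not depend on who can write to
    the directory holding the socket file.
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(path)
        _pid, uid, _gid = peer_credentials(sock)
        if uid != expected_uid:
            raise ServerIdentityError(
                f"{path}: server runs as uid {uid}, expected {expected_uid}")
    except Exception:
        sock.close()  # send nothing to a peer that failed verification
        raise
    return sock

if __name__ == "__main__":
    # Constructed demo: a listener in a temp directory stands in for the server.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
        conn = connect_requiring_uid(path, os.getuid())
        print("verified server uid:", peer_credentials(conn)[1])
        conn.close()
        srv.close()
```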