Re: Spoofing as the postmaster

From: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
To: Gregory Stark <stark(at)enterprisedb(dot)com>
Cc: Trevor Talbot <quension(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>, Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-24 16:21:46
Message-ID: 476FDC9A.7090703@mark.mielke.cc
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Gregory Stark wrote:
> "Mark Mielke" <mark(at)mark(dot)mielke(dot)cc> writes:
>
>> UNIX socket kernel credential passing was mentioned in an earlier post, but I
>> didn't see it raised again.
>>
>
> I mentioned getsockopt(SO_PEERCRED) which isn't the same as credential
> passing. It just tells you what uid is on the other end of your unix domain
> socket.
>
> I think it's much more widespread and portable than credential passing which
> was a BSD feature which allowed you to send along your kernel credentials to
> another process. So you could, for example, open a file in psql then pass the
> file descriptor to the backend to have the backend read directly from the
> file
I agree - I forgot there were different flavours. I think any of these
are just as good as SSL with public key authentication, and perhaps a
lot cheaper in terms of performance. The only piece of information
missing is the uid to compare against, which may as well be provided in
the db open parameters the same as any other parameters might be provided.

Cheers,
mark

--
Mark Mielke <mark(at)mielke(dot)cc>

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2007-12-24 16:50:30 Re: Spoofing as the postmaster
Previous Message Gregory Stark 2007-12-24 04:33:39 Re: Spoofing as the postmaster