| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-29 15:38:13 |
| Message-ID: | 477669E5.9050505@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
D'Arcy J.M. Cain wrote:
> - 1: How does the client assure that the postmaster is legit
> - 2: How does the postmaster assure that the client is legit
>
>
>
And neither answers the original problem:
3. How can the sysadmin prevent a malicious local user from hijacking
the sockets if the postmaster isn't running?
Prevention is much more valuable than ex post detection, IMNSHO.
Probably the first answer is not to run postgres on a machine with
untrusted users, but that's not always possible. Maybe we can't find a
simple cross-platform answer, but that doesn't mean we should not look
at platform-specific answers, at least for documentation.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | D'Arcy J.M. Cain | 2007-12-29 15:59:20 | Re: Spoofing as the postmaster |
| Previous Message | Mark Mielke | 2007-12-29 15:15:04 | Re: Spoofing as the postmaster |