| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | "Mark Mielke" <mark(at)mark(dot)mielke(dot)cc> |
| Cc: | "Trevor Talbot" <quension(at)gmail(dot)com>, "Tomasz Ostrowski" <tometzky(at)batory(dot)org(dot)pl>, "Magnus Hagander" <magnus(at)hagander(dot)net>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>, <pgsql-hackers(at)postgresql(dot)org>, "Bruce Momjian" <bruce(at)momjian(dot)us>, "Brendan Jurd" <direvus(at)gmail(dot)com> |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-24 04:33:39 |
| Message-ID: | 87prww1zks.fsf@oxford.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Mark Mielke" <mark(at)mark(dot)mielke(dot)cc> writes:
> UNIX socket kernel credential passing was mentioned in an earlier post, but I
> didn't see it raised again.
I mentioned getsockopt(SO_PEERCRED) which isn't the same as credential
passing. It just tells you what uid is on the other end of your unix domain
socket.
I think it's much more widespread and portable than credential passing which
was a BSD feature which allowed you to send along your kernel credentials to
another process. So you could, for example, open a file in psql then pass the
file descriptor to the backend to have the backend read directly from the
file.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's RemoteDBA services!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Mielke | 2007-12-24 16:21:46 | Re: Spoofing as the postmaster |
| Previous Message | Mark Mielke | 2007-12-24 03:57:40 | Re: Spoofing as the postmaster |