On Thu, 2005-05-19 at 09:46, lister wrote:
> At the BSDCan tutorial last week on jails (and several other times)
> there was discussion regarding Postgres's use of system V style
> shared memory, and an unfortunate side effect of making jail() less
> secure. Specifically, to allow Postgres to operate in a jail()ed
> environment, the sysctl :
> jail.sysvipc_allowed=1
> has to be set. This allows ALL jails to access the memory, at the least
> leaving Postgres open to attack, at the worst allowing a door into who
> knows what security breach.
> Question : is there any way to run Postgres securely in a jail?
I'm note sure that this is an actual security issue. Assuming that the
processes running each jail are running under a different UID, they
shouldn't be anymore able to access each other's shared memory than they
would be able to share each others files.