On Mon, 3 Apr 2006, Stephen Frost wrote:
> * Robert Watson (rwatson@FreeBSD.org) wrote:
>> On Mon, 3 Apr 2006, Stephen Frost wrote:
>>> This is certainly a problem with FBSD jails... Not only the
>>> inconsistancy, but what happens if someone manages to get access to the
>>> appropriate uid under one jail and starts sniffing or messing with the
>>> semaphores or shared memory segments from other jails? If that's possible
>>> then that's a rather glaring security problem...
>>
>> This is why it's disabled by default, and the jail documentation
>> specifically advises of this possibility. Excerpt below.
>
> Ah, I see, glad to see it's accurately documented. Given the rather
> significant use of shared memory by Postgres it seems to me that
> jail'ing it under FBSD is unlikely to get you the kind of isolation
> between instances that you want (the assumption being that you want to
> avoid the possibility of a user under one jail impacting a user in
> another jail). As such, I'd suggest finding something else if you
> truely need that isolation for Postgres or dropping the jails entirely.
>
> Running the Postgres instances under different uids (as you'd probably
> expect to do anyway if not using the jails) is probably the right
> approach. Doing that and using jails would probably work, just don't
> delude yourself into thinking that you're safe from a malicious user in
> one jail.
We don't ... we put all our databases on a central database server, even
private ones, that nobody has shell access to ... we keep them isolated
...
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
