Re: semaphore usage "port based"? - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: semaphore usage "port based"?
Date
Msg-id 20060403225145.GI4474@ns.snowman.net
Whole thread Raw
In response to Re: semaphore usage "port based"?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: semaphore usage "port based"?
Re: semaphore usage "port based"?
Re: semaphore usage "port based"?
List pgsql-hackers
* Robert Watson (rwatson@FreeBSD.org) wrote:
> On Mon, 3 Apr 2006, Stephen Frost wrote:
> >This is certainly a problem with FBSD jails...  Not only the
> >inconsistancy, but what happens if someone manages to get access to the
> >appropriate uid under one jail and starts sniffing or messing with the
> >semaphores or shared memory segments from other jails?  If that's possible
> >then that's a rather glaring security problem...
>
> This is why it's disabled by default, and the jail documentation
> specifically advises of this possibility.  Excerpt below.

Ah, I see, glad to see it's accurately documented.  Given the rather
significant use of shared memory by Postgres it seems to me that
jail'ing it under FBSD is unlikely to get you the kind of isolation
between instances that you want (the assumption being that you want to
avoid the possibility of a user under one jail impacting a user in
another jail).  As such, I'd suggest finding something else if you
truely need that isolation for Postgres or dropping the jails entirely.

Running the Postgres instances under different uids (as you'd probably
expect to do anyway if not using the jails) is probably the right
approach.  Doing that and using jails would probably work, just don't
delude yourself into thinking that you're safe from a malicious user in
one jail.
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: Suggestion: Which Binary?
Next
From: Mark Dilger
Date:
Subject: Re: WAL Bypass for indexes