* Robert Watson (rwatson@FreeBSD.org) wrote:
> On Mon, 3 Apr 2006, Stephen Frost wrote:
> >This is certainly a problem with FBSD jails... Not only the
> >inconsistancy, but what happens if someone manages to get access to the
> >appropriate uid under one jail and starts sniffing or messing with the
> >semaphores or shared memory segments from other jails? If that's possible
> >then that's a rather glaring security problem...
>
> This is why it's disabled by default, and the jail documentation
> specifically advises of this possibility. Excerpt below.
Ah, I see, glad to see it's accurately documented. Given the rather
significant use of shared memory by Postgres it seems to me that
jail'ing it under FBSD is unlikely to get you the kind of isolation
between instances that you want (the assumption being that you want to
avoid the possibility of a user under one jail impacting a user in
another jail). As such, I'd suggest finding something else if you
truely need that isolation for Postgres or dropping the jails entirely.
Running the Postgres instances under different uids (as you'd probably
expect to do anyway if not using the jails) is probably the right
approach. Doing that and using jails would probably work, just don't
delude yourself into thinking that you're safe from a malicious user in
one jail.
Thanks,
Stephen
