Home > mailing lists

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Spoofing as the postmaster
Date	December 22, 2007 14:44:25
Msg-id	200712221644.18160.peter_e@gmx.net Whole thread Raw
In response to	Spoofing as the postmaster (Bruce Momjian <bruce@momjian.us>)
Responses	Re: Spoofing as the postmaster (Andrew Dunstan <andrew@dunslane.net>) Re: Spoofing as the postmaster (Tom Lane <tgl@sss.pgh.pa.us>) Re: Spoofing as the postmaster ("Marko Kreen" <markokr@gmail.com>)
List	pgsql-hackers

Tree view

Bruce Momjian wrote:
> The fundamental problem is that because we don't require root, any user's
> postmaster or pretend postmaster is as legitimate as anyone else's.  SSL
> certificates add legitimacy checks for TCP, but not for unix domain
> sockets.

Wouldn't SSL work over Unix-domain sockets as well?  The API only deals with 
file descriptors.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

pgsql-hackers by date:

From: "D'Arcy J.M. Cain"
Date: 22 December 2007, 14:04:37
Subject: Re: Spoofing as the postmaster

From: Andrew Dunstan
Date: 22 December 2007, 14:55:22
Subject: Re: Spoofing as the postmaster

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

Previous

Next