Re: [HACKERS] SSL over Unix-domain sockets - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: [HACKERS] SSL over Unix-domain sockets
Date
Msg-id 200801180217.m0I2HXx24806@momjian.us
Whole thread Raw
In response to Re: [HACKERS] SSL over Unix-domain sockets  (Alvaro Herrera <alvherre@commandprompt.com>)
Responses Re: [HACKERS] SSL over Unix-domain sockets
Re: [HACKERS] SSL over Unix-domain sockets
List pgsql-patches
Alvaro Herrera wrote:
> > I'm not sure tmp cleaners will work that well against a determined spoofer.
>
> I don't understand.  The tmp cleaner is something we have to _avoid_.
> Let me repeat my proposal.
>
> I propose to create a dangling symlink on system startup in
> /tmp/.s.PGSQL.<port> to the real socket, which is not on a

I am confused because you say "dangling" then you say "to the real
socket".  You are saying it isn't dangling when the server is running?

> world-writable directory.  This avoids the spoofer, because he cannot
> create the socket -- the symlink is occupying its place.
>
> The only problem with this proposal is that the tmp cleaner would remove
> the symlink.  The solution to this is to configure the tmp cleaner so
> that it doesn't do that.
>
> It absolutely requires cooperation from the sysadmin, both to setup the
> symlink initially, and to configure the tmp cleaner.

If you are going to require the admin to modify the tmp cleanup script,
the admin might as well create the symlink at the same time and have it
recreate on boot.  We could actually just document this idea and be done
with it.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

pgsql-patches by date:

Previous
From: Tom Lane
Date:
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Next
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] SSL over Unix-domain sockets