<postgresql@fruru.com> writes:
> On Wed, 23 Jan 2002, Tom Lane wrote:
>> <postgresql@fruru.com> writes:
> If more people encounter the same problem (it's the way vserver works,
> there are some good arguments on why not to make 127.0.0.1 available)
>>
>> Uh ... what are they? We're willing to listen to reasonable arguments
>> why that needs to be configurable.
> All the vservers on a physical machine actually run on the same kernel and
> therefore share the same loopback interface. Every vserver has one IP
> address (alias) which it can use as its own. So using the alias we know
> in advance which vserver (if any) we send a packet to. Using 127.0.0.1 we
> don't, since if we don't limit the use of this address by the vservers,
> everyone (including people in a "hostile" vserver on the same physical
> machine) could bind to it and interfere with our vserver -> Not So
> Good(tm).
That might be a good argument in general, but it does not apply to
Postgres' use of 127.0.0.1, because we bind that socket to its own
address, so only packets out of the same socket will be received.
(Without this, the statistics setup would be quite insecure in the
normal non-vserver case.) We don't really care whether other vservers
are using other 127.0.0.1 ports.
I'm still of the opinion that the blame for insufficient configurability
should be placed on vserver not Postgres; vserver should have an option
to let you use 127.0.0.1.
regards, tom lane
