Re: Spoofing as the postmaster - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: Spoofing as the postmaster
Msg-id 477669E5.9050505@dunslane.net
In response to Re: Spoofing as the postmaster  ("D'Arcy J.M. Cain" <darcy@druid.net>)
Responses Re: Spoofing as the postmaster  ("D'Arcy J.M. Cain" <darcy@druid.net>)
Re: Spoofing as the postmaster  (Mark Mielke <mark@mark.mielke.cc>)
List pgsql-hackers

D'Arcy J.M. Cain wrote:
>  - 1:  How does the client assure that the postmaster is legit
>  - 2:  How does the postmaster assure that the client is legit
>
>
>   

And neither answers the original problem:

3. How can the sysadmin prevent a malicious local user from hijacking 
the sockets if the postmaster isn't running?

Prevention is much more valuable than ex post detection, IMNSHO.

Probably the first answer is not to run postgres on a machine with 
untrusted users, but that's not always possible. Maybe we can't find a 
simple cross-platform answer, but that doesn't mean we should not look 
at platform-specific answers, at least for documentation.

cheers

andrew
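
One platform-specific check a sysadmin could run for point 3 above, written as an added example that is not part of the original message or of PostgreSQL. It assumes POSIX file permissions; `socket_dir_findings` and the set of trusted uids are hypothetical names, and any group or other write bit is treated as access by untrusted users.

```python
import os
import stat
import tempfile


def socket_dir_findings(sock_dir, trusted_uids):
    """Return (path, reason) pairs describing how an untrusted local user
    could create or replace a socket file in sock_dir. Empty list: none found."""
    findings = []
    path = os.path.realpath(sock_dir)
    is_socket_dir = True
    while True:
        st = os.stat(path)
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owned by untrusted uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            if is_socket_dir:
                # The sticky bit does not help here: while the server is down
                # the socket name does not exist, so any user with write
                # access can create it first.
                findings.append((path, "group/other-writable socket directory"))
            elif not st.st_mode & stat.S_ISVTX:
                # Without the sticky bit, a writer can rename or replace the
                # trusted subdirectory itself.
                findings.append((path, "writable ancestor without sticky bit"))
        parent = os.path.dirname(path)
        if parent == path:
            return findings
        path, is_socket_dir = parent, False


if __name__ == "__main__":
    # Constructed layout: a shared sticky directory holding a private one.
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "shared")
        private = os.path.join(shared, "pgsock")
        os.makedirs(private)
        os.chmod(shared, 0o1777)
        os.chmod(private, 0o700)
        trusted = {0, os.getuid()}
        for d in (shared, private):
            local = [f for f in socket_dir_findings(d, trusted)
                     if f[0].startswith(os.path.realpath(base))]
            print(d, "->", local or "no findings under the demo tree")
```

The check walks every ancestor up to the filesystem root, so a private socket directory only passes when nothing above it can be renamed or replaced by other users.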

