Re: [HACKERS] SSL over Unix-domain sockets - Mailing list pgsql-patches

From Andrew Dunstan
Subject Re: [HACKERS] SSL over Unix-domain sockets
Date
Msg-id 478F83EE.3090904@dunslane.net
In response to Re: [HACKERS] SSL over Unix-domain sockets  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [HACKERS] SSL over Unix-domain sockets
Re: [HACKERS] SSL over Unix-domain sockets
List pgsql-patches

Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
>> Peter Eisentraut wrote:
>>> How does that prevent spoofing?
>>
>> It creates a lock file that is the same name as the socket file that a
>> default-configured client would use, so it prevents a spoofed socket
>> from being created.
>
> Only if the attacker didn't get there first.  I think this idea is
> nothing but a crude kluge anyway...

I agree. I remain of the opinion that this is not a problem that can be
solved purely within the bounds of postgres.

cheers

andrew
