On 08/16/2014 07:47 AM, Matt Silverlock wrote:
> Hi all.
>
> Trying to rationalise my pg_hba.conf and pg_ident.conf configuration on
> a Debian/Ubuntu machine where:
>
> * One primary application user (“deploy”) runs web applications
> * postgres, nginx, et al. run under their own users
> * Using a Unix socket for connecting to PostgreSQL on the same machine
> (if I split the machines up at some point in the future, I’ll just run
> TCP + SSL w/ strict IP filtering)
>
> At the moment I’m using the following approach, where each database user
> (unique per application) only has permissions for its own database.
> Users are mapped to the “deploy” user so that peer authentication can work.
>
> What are the outstanding risks here? The only ‘likely’ scenario (short
> of the box itself being compromised) is if the app is compromised/flawed
> (i.e. some uncaught SQLi vuln in a lib) then it can drop its own tables,
> but not the tables of any other application running under the same OS user.
>
> (Heck, can you even have multiple applications talking to the same Unix
> socket?)
Yes. Here is a good description of how:
http://stackoverflow.com/questions/9644251/how-do-unix-domain-sockets-differentiate-between-multiple-clients
>
> Thanks in advance.
--
Adrian Klaver
adrian.klaver@aklaver.com
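
The exchange above, as an added example that is not part of either message: a minimal Linux-only Python sketch of two clients sharing one Unix socket path, with the server reading the kernel-supplied peer credentials (`SO_PEERCRED`) that peer authentication relies on. The map, the database user names `app1_db`/`app2_db`, and the assumption that the user running the script plays "deploy" are constructed for illustration.

```python
import os
import socket
import struct
import tempfile

# Constructed stand-in for a pg_ident.conf map: (system user, database user).
# "deploy" comes from the post; the database user names are hypothetical.
IDENT_MAP = {("deploy", "app1_db"), ("deploy", "app2_db")}


def peer_uid(conn):
    """Return the uid the kernel recorded for the process that connected (Linux)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid


def allowed(system_user, db_user):
    """Peer-style check: the OS user must be mapped to the requested database user."""
    return (system_user, db_user) in IDENT_MAP


def demo():
    """Two clients share one socket path; the server identifies each via the kernel."""
    # Assumption for the demo: whoever runs this script plays the "deploy" user.
    names = {os.getuid(): "deploy"}
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            srv.listen(2)
            clients = []
            for wanted in ("app1_db", "app2_db"):  # two "applications"
                c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
                c.connect(path)
                c.sendall(wanted.encode())
                clients.append(c)
            conns = [srv.accept()[0] for _ in clients]  # one new socket per client
            for conn in conns:
                uid = peer_uid(conn)
                wanted = conn.recv(64).decode()
                results.append({"fd": conn.fileno(), "uid": uid, "db_user": wanted,
                                "allowed": allowed(names.get(uid, "?"), wanted)})
            for s in conns + clients:
                s.close()
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each `accept()` returns a separate connection, but both report the same uid, so a map that lists both database users for one OS user cannot tell the two applications apart.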