Re: Upcoming re-releases - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Upcoming re-releases
Date
Msg-id 8440.1139676061@sss.pgh.pa.us
Whole thread Raw
In response to Re: Upcoming re-releases  (Martijn van Oosterhout <kleptog@svana.org>)
Responses Re: Upcoming re-releases
List pgsql-hackers
Martijn van Oosterhout <kleptog@svana.org> writes:
> These no real way around this. The only real option would be moving to
> a home directory but that would require knowing the username the server
> is running under...

And the problem would still exist, with even less chance of solution,
for TCP connections which are probably the majority of real-world usage.
If you're concerned about this sort of attack I think it has to be
solved in the protocol, not by reliance on socket placement.

I'm not sure whether our current SSL support does a good job of this
--- I think it only tries to check whether the server presents a
valid certificate, not which cert it is.  Possibly Kerberos does more,
but I dunno a thing about that...
        regards, tom lane


pgsql-hackers by date:

Previous
From: "Magnus Hagander"
Date:
Subject: Re: [PERFORM] What do the Windows pg hackers out there like for dev
Next
From: "Magnus Hagander"
Date:
Subject: Re: Upcoming re-releases