Peer credentials (was Security choices...) - Mailing list pgsql-hackers

From Alex Pilosov
Subject Peer credentials (was Security choices...)
Date
Msg-id Pine.BSO.4.10.10008042335280.4362-100000@spider.pilosoft.com
Whole thread Raw
In response to Re: Security choices...  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
On Fri, 4 Aug 2000, Bruce Momjian wrote:

> > At 18:34 4/08/00 -0400, Bruce Momjian wrote:
> > >[ Charset ISO-8859-1 unsupported, converting... ]
> > >> Philip Warner writes:
> > >> 
> > >> > Is there any reason that a security model does not exist for psql that
> > >> > allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
> > >> > but any user trying to log on as someone other than themselves has to
> > >> > provide a password?
> > >> 
> > >> Short of someone sitting down and making it happen I don't see any. You'd
> > >> only need to implement some sort of fall-through in `pg_hba.conf', which
> > >> in my estimate can't be exceedingly hard.
> > >
> > >How do you know Fred is Fred without a password?
> > >
> > 
> > The idea was to apply only on the matchine on which the postmaster runs;
> > then ideally you get the username of the client process. It's kind of like
> > IDENT, except it works only for local connections, and asks for passwords
> > for non-local connections.
> 
> I am not aware of any way to determine the PID at the other end of a
> unix domain socket.

You actually don't need the PID on the other end, what you are interested
are the credentials of a process on the other end. 

Unfortunately, every OS implemented it in very different way. Linux has
SO_PEERCREDS option, solaris has doors, xBSD have SCM_CREDS or LOCAL_CREDS

see:

http://metalab.unc.edu/pub/Linux/docs/HOWTO/Secure-Programs-HOWTO
http://www.whitefang.com/sup/work.html
http://cr.yp.to/docs/secureipc.html



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Security choices...
Next
From: Thomas Lockhart
Date:
Subject: Quoting fun