Nah, the restriction is only on fd 0 which isn't going to happen in reads
to real files. I've got it figured out now - unless I write some code for
PostgreSQL and don't let root own it (not run it, the postgresql user does
that) then I don't have to trust the daemon user.
Thanks for the suggestion tho. It's been an education ;-)
Josh
On Thu, 5 Jul 2001, Peter Eisentraut wrote:
> Joshua Jore writes:
>
> > Prevent execution of binaries that are in directories not owned by root
> > Prevents interpreters from reading from STDIN
> > Protect most proc info and *stat stuff
> > Strips LD_PRELOAD and LD_LIBRARY_PATH
> >
> > Is there any reason that PostgreSQL or postmaster would have a problem
> > with this
>
> You might have trouble with the second item if you're using passwords,
> since those have to come from stdin somehow. But your description is too
> vague to tell. The others shouldn't pose any problems.
>
> --
> Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html
>
