Re: [HACKERS] pgsql/php3/apache authentication - Mailing list pgsql-general

From wieck@debis.com (Jan Wieck)
Subject Re: [HACKERS] pgsql/php3/apache authentication
Date
Msg-id m12kkQV-0003lLC@orion.SAPserv.Hamburg.dsh.de
In response to Re: [HACKERS] pgsql/php3/apache authentication  (Peter Eisentraut <e99re41@DoCS.UU.SE>)
Responses Re: [HACKERS] pgsql/php3/apache authentication
Re: [HACKERS] pgsql/php3/apache authentication
List pgsql-general
> On Wed, 26 Apr 2000, Jim Mercer wrote:
>
> > - queries via localhost (unix domain sockets) should assume that the pg_user
> > is the same as the unix user running the process.
>
> There's no way for the server to determine the system user name of the
> other end of a domain socket; at least no one has implemented one yet. So
> essentially this isn't going to work.

    The  default  of  "local  all  trust"  is something I  always
    considered insecure. At least because the unix domain  socket
    isn't changed to mode 0700 after creation, so that only users
    in the unix dba (or whatever) group are trusted.

    If we add  a  permissions  field  to  the  local  entry,  the
    postmaster can chmod() the socket file after creating it (and
    maybe drain out waiting connections that slipped  in  between
    after  a  second  before  accepting  the first real one). The
    default hba would then read:

        local  all                               trust 0770
        host   all   127.0.0.1  255.255.255.255  ident sameuser

    There's IMHO no reason  why the postmaster shouldn't  try  to
    create  an  inet  socket bound to 127.0.0.1:pgport by default
    too.  And it must not be  considered  an  error  (while  some
    notice would be nice) if the creation of that socket fails.

    Also  we change libpq that if it gets  an EPERM at connect(2)
    to the unix domain socket, it  tries  again  via  inet.  Some
    microseconds  overhead  but  transparent  for  non-dba  local
    users.

    Now someone can add users  he really trusts to the dba  group
    in  /etc/group.   Or  he can open the entire DB system to all
    local users by changing the permissions to 0777.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#========================================= wieck@debis.com (Jan Wieck) #


