Thread: OpenBSD Trusted Path Execution (TPE) compatibility?

OpenBSD Trusted Path Execution (TPE) compatibility?

From
Joshua Jore
Date:
Hi folks,
I'm new to postgresql so please bear with me. I've got PostgreSQL
installed and working successfully on my OpenBSD machine. I'm also installing
the TPE patches which do a few things:

Prevent execution of binaries that are in directories not owned by root
Prevents interpreters from reading from STDIN
Protect most proc info and *stat stuff
Strips LD_PRELOAD and LD_LIBRARY_PATH

Is there any reason that PostgreSQL or postmaster would have a problem
with this or has anyone tried these together? (It's always possible to
designate postgresql as a trusted user so it doesn't have these
restrictions but I'd rather not if I don't have to)

Thanks,
Joshua Jore


Re: OpenBSD Trusted Path Execution (TPE) compatibility?

From
Peter Eisentraut
Date:
Joshua Jore writes:

> Prevent execution of binaries that are in directories not owned by root
> Prevents interpreters from reading from STDIN
> Protect most proc info and *stat stuff
> Strips LD_PRELOAD and LD_LIBRARY_PATH
>
> Is there any reason that PostgreSQL or postmaster would have a problem
> with this

You might have trouble with the second item if you're using passwords,
since those have to come from stdin somehow.  But your description is too
vague to tell.  The others shouldn't pose any problems.

--
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter


Re: OpenBSD Trusted Path Execution (TPE) compatibility?

From
Joshua Jore
Date:
Nah, the restriction is only on fd 0 which isn't going to happen in reads
to real files. I've got it figured out now - unless I write some code for
PostgreSQL and don't let root own it (not run it, the postgresql user does
that) then I don't have to trust the daemon user.

Thanks for the suggestion tho. It's been an education ;-)

Josh

On Thu, 5 Jul 2001, Peter Eisentraut wrote:

> Joshua Jore writes:
>
> > Prevent execution of binaries that are in directories not owned by root
> > Prevents interpreters from reading from STDIN
> > Protect most proc info and *stat stuff
> > Strips LD_PRELOAD and LD_LIBRARY_PATH
> >
> > Is there any reason that PostgreSQL or postmaster would have a problem
> > with this
>
> You might have trouble with the second item if you're using passwords,
> since those have to come from stdin somehow.  But your description is too
> vague to tell.  The others shouldn't pose any problems.
>
> --
> Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter
>
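
Added example, not part of the original thread or of the TPE patches: a Python audit of the first rule in the list above, reporting every executable under an install prefix whose directory is not owned by root. The function names and the optional group/other-writable check are assumptions of this example; the thread itself only states the ownership rule.

```python
import os
import stat
import sys


def untrusted_reason(directory, trusted_uid=0, check_writable=True):
    """Return why `directory` is not a trusted path, or None if it is.

    Rule from the thread: the directory must be owned by root (uid 0).
    Assumption of this example: a directory writable by group or other
    is also treated as untrusted; disable with check_writable=False.
    """
    st = os.stat(directory)
    if st.st_uid != trusted_uid:
        return f"owned by uid {st.st_uid}, not {trusted_uid}"
    if check_writable and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or other"
    return None


def audit_tree(root, trusted_uid=0, check_writable=True):
    """Map each executable regular file under `root` that sits in an
    untrusted directory to the reason that directory failed."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        reason = untrusted_reason(dirpath, trusted_uid, check_writable)
        if reason is None:
            continue  # everything directly in this directory may execute
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # symlinks are skipped, not followed
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                findings[path] = reason
    return findings


if __name__ == "__main__":
    # Usage: python3 tpe_audit.py <install-prefix> [<prefix> ...]
    blocked = {}
    for prefix in sys.argv[1:]:
        blocked.update(audit_tree(prefix))
    for path, reason in sorted(blocked.items()):
        print(f"{path}: directory {reason}")
    sys.exit(1 if blocked else 0)
```

An empty report for the PostgreSQL install prefix matches the conclusion reached in the thread: as long as root owns the directories holding the code, the daemon user does not need to be designated as trusted.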