Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Spoofing as the postmaster
- From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
- To: "Marko Kreen" <markokr(at)gmail(dot)com>
- Cc: "Peter Eisentraut" <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, "Bruce Momjian" <bruce(at)momjian(dot)us>, "Tomasz Ostrowski" <tometzky(at)batory(dot)org(dot)pl>
- Subject: Re: Spoofing as the postmaster
- Date: Sat, 22 Dec 2007 14:21:42 -0500
"Marko Kreen" <markokr(at)gmail(dot)com> writes: > (FYI - Debian already puts unix socket to directory writable > only to postgres user, so they dont have the problem. Maybe > we should encourage distros to move away from /tmp?) No, we shouldn't, and if I had any authority over them I would make Debian stop doing that. It amounts to a unilateral distro-specific change in the protocol, and I think it makes things *less* secure, because any clients who are expecting the socket to be in /tmp will be easy pickings for a spoofer. Debian cannot hope to prevent that scenario, because there are non-libpq-based client implementations. regards, tom lane
- Follow-Ups:
- Re: Spoofing as the postmaster
- From: Martijn van Oosterhout
- Re: Spoofing as the postmaster
- From: Gregory Stark
- Re: Spoofing as the postmaster
- References:
- Spoofing as the postmaster
- From: Bruce Momjian
- Re: Spoofing as the postmaster
- From: Peter Eisentraut
- Re: Spoofing as the postmaster
- From: Marko Kreen
- Spoofing as the postmaster
- Prev by Date: Re: Spoofing as the postmaster
- Next by Date: viewing source code
- Previous by thread: Re: Spoofing as the postmaster
- Next by thread: Re: Spoofing as the postmaster
- Indexes: