Date: Mon, 3 Apr 2006 20:46:32 -0300 (ADT) From: "Marc G. Fournier" <scrappy@postgresql.org> To: Stephen Frost <sfrost@snowman.net> Cc: freebsd-stable@FreeBSD.org, pgsql-hackers@postgresql.org, "Marc G. Fournier" <scrappy@postgresql.org>, Robert Watson <rwatson@FreeBSD.org>, Kris Kennaway <kris@obsecurity.org>, Tom Lane <tgl@sss.pgh.pa.us> Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <20060403204355.T947@ganymede.hub.org> In-Reply-To: <20060403225145.GI4474@ns.snowman.net> References: <26985.1144029657@sss.pgh.pa.us> <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403164139.D36756@fledge.watson.org> <14654.1144082224@sss.pgh.pa.us> <20060403194251.GF4474@ns.snowman.net> <20060403233540.D76562@fledge.watson.org> <20060403225145.GI4474@ns.snowman.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Apr 2006, Stephen Frost wrote: > * Robert Watson (rwatson@FreeBSD.org) wrote: >> On Mon, 3 Apr 2006, Stephen Frost wrote: >>> This is certainly a problem with FBSD jails... Not only the >>> inconsistancy, but what happens if someone manages to get access to the >>> appropriate uid under one jail and starts sniffing or messing with the >>> semaphores or shared memory segments from other jails? If that's possible >>> then that's a rather glaring security problem... >> >> This is why it's disabled by default, and the jail documentation >> specifically advises of this possibility. Excerpt below. > > Ah, I see, glad to see it's accurately documented. Given the rather > significant use of shared memory by Postgres it seems to me that > jail'ing it under FBSD is unlikely to get you the kind of isolation > between instances that you want (the assumption being that you want to > avoid the possibility of a user under one jail impacting a user in > another jail). As such, I'd suggest finding something else if you > truely need that isolation for Postgres or dropping the jails entirely. > > Running the Postgres instances under different uids (as you'd probably > expect to do anyway if not using the jails) is probably the right > approach. Doing that and using jails would probably work, just don't > delude yourself into thinking that you're safe from a malicious user in > one jail. We don't ... we put all our databases on a central database server, even private ones, that nobody has shell access to ... we keep them isolated ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403204355.T947>