Date: Mon, 3 Apr 2006 21:19:04 -0400 From: Stephen Frost <sfrost@snowman.net> To: "Marc G. Fournier" <scrappy@postgresql.org> Cc: Tom Lane <tgl@sss.pgh.pa.us>, Kris Kennaway <kris@obsecurity.org>, Robert Watson <rwatson@FreeBSD.org>, freebsd-stable@FreeBSD.org, pgsql-hackers@postgresql.org Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <20060404011904.GJ4474@ns.snowman.net> In-Reply-To: <20060403204355.T947@ganymede.hub.org> References: <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403164139.D36756@fledge.watson.org> <14654.1144082224@sss.pgh.pa.us> <20060403194251.GF4474@ns.snowman.net> <20060403233540.D76562@fledge.watson.org> <20060403225145.GI4474@ns.snowman.net> <20060403204355.T947@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--6HHXvx90kGsKiAT4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Marc G. Fournier (scrappy@postgresql.org) wrote: > On Mon, 3 Apr 2006, Stephen Frost wrote: > >Running the Postgres instances under different uids (as you'd probably > >expect to do anyway if not using the jails) is probably the right > >approach. Doing that and using jails would probably work, just don't > >delude yourself into thinking that you're safe from a malicious user in > >one jail. >=20 > We don't ... we put all our databases on a central database server, even= =20 > private ones, that nobody has shell access to ... we keep them isolated= =20 > ... I guess what I was trying to get at is this: Running 2 Postgres instances under FreeBSD with (or without really, but I guess that's more obvious) jails but with the same UID is a bad idea.=20 Even if Postgres could be modified to allow this to work you're going to be in a position where the jail isn't really helping much except to give a somewhat false (in this case) sense of security. We probably shouldn't encourage it and in fact it's something of a nice feature that it breaks. The reasoning is pretty simple: if someone manages to get control of=20 one of the Postgres instances they're going to be able to wreck havoc on the other. With different UIDs, with or without jails, this would be much more difficult (need to get root first). Running 2 Postgres instances under FreeBSD with jails *and* different UIDs is *probably* better than w/o jails but since you have to enable the single-instance IPC system it might not be that great of a benefit over a simple chroot or similar. Hope that helps... Thanks, Stephen --6HHXvx90kGsKiAT4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEMcmIrzgMPqB3kigRAuoTAJwK+/f7rHCTqBfyV1SgTE/hqO3NDQCfQeVF Ujdo3o1LxtguFyU9mQbE4zI= =H/kM -----END PGP SIGNATURE----- --6HHXvx90kGsKiAT4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060404011904.GJ4474>