During the time between the daemon launch and it closing it's file handles and calling setsid(2) (which some daemons don't do because they are buggy) any other code running in the same UID could take over the process via ptrace, fork off a child process that inherits the administrator tty, and then stuff characters into the keyboard buffer with ioctl(fd,TIOCSTI,&c) (*).
(a) And there would be untrusted code running as postgres exactly why?
(b) Seems to me the real security bug here is the mere existence of that ioctl call.
I was asked on IRC just why we can't have user=postgres and group=postgres in the postgresql.conf, and simply when we are run as root, switch to that user and group.
Chris
---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend