On Mon, Apr 03, 2006 at 06:51:45PM -0400, Stephen Frost wrote:
> * Robert Watson ([EMAIL PROTECTED]) wrote:
> > On Mon, 3 Apr 2006, Stephen Frost wrote:
> > > This is certainly a problem with FBSD jails... Not only the
> > > inconsistency, but what happens if someone manages to get access to the
> > > appropriate uid under one jail and starts sniffing or messing with the
> > > semaphores or shared memory segments from other jails? If that's possible
> > > then that's a rather glaring security problem...
> >
> > This is why it's disabled by default, and the jail documentation
> > specifically advises of this possibility. Excerpt below.
>
> Ah, I see, glad to see it's accurately documented. Given the rather
> significant use of shared memory by Postgres it seems to me that
> jail'ing it under FBSD is unlikely to get you the kind of isolation
> between instances that you want (the assumption being that you want to
> avoid the possibility of a user under one jail impacting a user in
> another jail). As such, I'd suggest finding something else if you
> truly need that isolation for Postgres or dropping the jails entirely.
>
> Running the Postgres instances under different uids (as you'd probably
> expect to do anyway if not using the jails) is probably the right
> approach. Doing that and using jails would probably work, just don't
> delude yourself into thinking that you're safe from a malicious user in
> one jail.
Yes; however jails are still useful for administrative compartmentalization even when you have to weaken their security properties, such as here. Kris
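The practical advice in the thread is that SysV IPC is shared across jails once it is enabled, so the only separation between two jailed Postgres instances is the uid each one runs as. Below is an added audit script (not part of the thread, and not FreeBSD's or PostgreSQL's own tooling) that reads the text of `ipcs -m` and flags two things the thread warns about: a single owner uid holding more than one shared memory segment (several Postgres instances started under one uid), and segments whose mode grants any group or world access. The sample input is constructed, and its column layout (T, ID, KEY, MODE, OWNER, GROUP) is an assumption modelled on FreeBSD's `ipcs -m` output.

```shell
#!/bin/sh
# Added example, not from the thread: audit SysV shared memory ownership on a
# host that runs several jailed Postgres instances. Input is the text of
# `ipcs -m` on stdin, so the checks also run offline on captured output.

# Constructed sample in the assumed shape of FreeBSD `ipcs -m` output.
# Two segments belong to the same user (two Postgres clusters started under
# one uid) and one segment is group-accessible.
SAMPLE='Shared Memory:
T           ID          KEY MODE        OWNER    GROUP
m        65536      5432001 --rw-------  pgsql    pgsql
m        65537      5433001 --rw-------  pgsql    pgsql
m        65538      5434001 --rw-rw----  pg_db2   pg_db2
'

# Emit one line per segment as "ID KEY MODE OWNER", dropping headers and
# blank lines (only rows whose first field is the shm type marker "m").
parse_shm() {
    awk '$1 == "m" && NF >= 6 { print $2, $3, $4, $5 }'
}

# Count owners holding more than one segment. Each Postgres cluster creates
# its own segment, so one uid owning several keys usually means several
# instances share that uid; with SysV IPC visible across jails, a compromise
# of that uid in one jail reaches the other instance's memory.
count_shared_owners() {
    parse_shm | awk '{ n[$4]++ } END { c = 0; for (o in n) if (n[o] > 1) c++; print c }'
}

# Count segments whose mode grants group or world access (the six characters
# after the owner triple). Postgres creates its segment 0600; anything wider
# extends the exposure beyond the owning uid.
count_weak_modes() {
    parse_shm | awk '{ m = substr($3, length($3) - 5); if (m ~ /[rw]/) c++ } END { print c + 0 }'
}

# List the offending owners so an admin can assign each instance its own uid.
list_shared_owners() {
    parse_shm | awk '{ n[$4]++ } END { for (o in n) if (n[o] > 1) print o }'
}

# Stand-alone run: report on the constructed sample. Replace the printf with
# `ipcs -m |` on a live host.
printf 'owners with more than one segment: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | count_shared_owners)"
printf 'segments with group/world access:  %s\n' \
    "$(printf '%s\n' "$SAMPLE" | count_weak_modes)"
printf '%s\n' "$SAMPLE" | list_shared_owners | sed 's/^/shared uid: /'
```

A non-zero count from either function is the signal the thread describes: the jail boundary does not cover these segments, so the fix is one uid per instance and owner-only modes on the segments. On the FreeBSD releases of that era the knob that exposes IPC across jails was the `security.jail.sysvipc_allowed` sysctl, which the thread notes is off by default.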