* Bruce Momjian (pgman@candle.pha.pa.us) wrote:
> I updated the wording to say 'non-root users':
>
> If running in FreeBSD jails by enabling <application>sysconf</>'s
> <literal>security.jail.sysvipc_allowed</>, <application>postmaster</>s
> running in different jails should be run by different operating system
> users. This improves security because it prevents non-root users
> from interfering with shared memory or semaphores in a different jail,
> and it allows the PostgreSQL IPC cleanup code to function properly.
> (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect
> processes in other jails, preventing the running of postmasters on the
> same port in different jails.)

You're still saying it'll do something that it won't... It doesn't prevent non-root users from messing with each other if they're the same UID, even if they're under different jails... That's the whole problem here. :)

Thanks,

Stephen