"Tom Lane" <[EMAIL PROTECTED]> writes:
> "Marko Kreen" <[EMAIL PROTECTED]> writes:
>> (FYI - Debian already puts unix socket to directory writable
>> only to postgres user, so they don't have the problem. Maybe
>> we should encourage distros to move away from /tmp?)
>
> No, we shouldn't, and if I
"Roberts, Jon" <[EMAIL PROTECTED]> writes:
> Major Feature 3: Users will build their own functions to manipulate their
> own data and share the output with their department. PostgreSQL security
> currently does not secure the functions they write so the feature is not
> fully met.
Incidentally,
Mark Mielke <[EMAIL PROTECTED]> writes:
> Brendan Jurd wrote:
>> It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
>> a good one in any case?
>>
> What makes it good? It solves no problems. It prevents the server from
> coming up when it otherwise might still be able to.
The
Brendan Jurd wrote:
It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
a good one in any case?
What makes it good? It solves no problems. It prevents the server from
coming up when it otherwise might still be able to.
If the postmaster can't bind on one of the specified
Brendan Jurd wrote:
> On Dec 23, 2007 1:25 PM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
> > I have written documentation for this item:
> >
> > http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
> >
> > Comments?
>
> I thought the content made sense, but the location didn't.
On Dec 23, 2007 1:25 PM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
> I have written documentation for this item:
>
> http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
>
> Comments?
I thought the content made sense, but the location didn't. I wouldn't
expect to find instructi
Bruce Momjian wrote:
> I think at a minimum we need to add documentation that states if you
> don't trust the local users on the postmaster server you should:
>
> o create unix domain socket files in a non-world-writable
> directory
> o require SSL server certificates for TC
Brendan Jurd wrote:
> On Dec 23, 2007 12:20 PM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
> > Gurjeet Singh wrote:
> > > On Dec 22, 2007 6:25 AM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
> > > This way, if the attacker has control of even one interface (and
> > > optionally the local socket) tha
On Dec 23, 2007 12:20 PM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
> Gurjeet Singh wrote:
> > On Dec 22, 2007 6:25 AM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
> > This way, if the attacker has control of even one interface (and
> > optionally the local socket) that the clients are expected to
Gurjeet Singh wrote:
> On Dec 22, 2007 6:25 AM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
>
> >
> > It is possible for the attacker to use one of the interfaces (tcp or
> > unix domain) and wait for the postmaster to start. The postmaster will
> > fail to start on the interface in use but will sta
On Dec 22, 2007 6:25 AM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
>
> It is possible for the attacker to use one of the interfaces (tcp or
> unix domain) and wait for the postmaster to start. The postmaster will
> fail to start on the interface in use but will start on the other
> interface and t
* Roberts, Jon ([EMAIL PROTECTED]) wrote:
> Major Feature 3: Users will build their own functions to manipulate their
> own data and share the output with their department. PostgreSQL security
> currently does not secure the functions they write so the feature is not
> fully met.
Alright, this is
Tom Lane indicated this thread should be moved here. Instead of asking for
what I consider the solution, let me propose a real business case and you
guys tell me how best to handle it.
I am building an Enterprise Data Warehouse with PostgreSQL. BTW, I love
this database. I will have data from
"Marko Kreen" <[EMAIL PROTECTED]> writes:
> (FYI - Debian already puts unix socket to directory writable
> only to postgres user, so they don't have the problem. Maybe
> we should encourage distros to move away from /tmp?)
No, we shouldn't, and if I had any authority over them I would make
Debian
"Mike Rylander" <[EMAIL PROTECTED]> writes:
> On Dec 22, 2007 1:04 PM, Tom Lane <[EMAIL PROTECTED]> wrote:
>> Hmm ... we've always thought of SSL as being primarily comm security
>> and thus useless on a Unix socket, but the mutual authentication aspect
>> could come in handy as an answer for this
On 12/22/07, Peter Eisentraut <[EMAIL PROTECTED]> wrote:
> Bruce Momjian wrote:
> > The fundamental problem is that because we don't require root, any user's
> > postmaster or pretend postmaster is as legitimate as anyone else's. SSL
> > certificates add legitimacy checks for TCP, but not for unix
On Dec 22, 2007 1:04 PM, Tom Lane <[EMAIL PROTECTED]> wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Wouldn't SSL work over Unix-domain sockets as well? The API only deals with
> > file descriptors.
>
> Hmm ... we've always thought of SSL as being primarily comm security
> and thus usel
Peter Eisentraut <[EMAIL PROTECTED]> writes:
> Wouldn't SSL work over Unix-domain sockets as well? The API only deals with
> file descriptors.
Hmm ... we've always thought of SSL as being primarily comm security
and thus useless on a Unix socket, but the mutual authentication aspect
could come i
Andrew Dunstan wrote:
>
>
> Peter Eisentraut wrote:
>> Bruce Momjian wrote:
>>
>>> The fundamental problem is that because we don't require root, any
>>> user's
>>> postmaster or pretend postmaster is as legitimate as anyone else's. SSL
>>> certificates add legitimacy checks for TCP, but not f
Andrew Dunstan wrote:
> But we don't check the SSL cert's credentials in the client, AFAIK.
We do if you configure it so. But I must admit that this fact is not well
advertised. It is documented, but you have to look carefully.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
---
Peter Eisentraut wrote:
Bruce Momjian wrote:
The fundamental problem is that because we don't require root, any user's
postmaster or pretend postmaster is as legitimate as anyone else's. SSL
certificates add legitimacy checks for TCP, but not for unix domain
sockets.
Wouldn't SSL wo
Bruce Momjian wrote:
> The fundamental problem is that because we don't require root, any user's
> postmaster or pretend postmaster is as legitimate as anyone else's. SSL
> certificates add legitimacy checks for TCP, but not for unix domain
> sockets.
Wouldn't SSL work over Unix-domain sockets as
On Sat, 22 Dec 2007 09:25:05 -0500 (EST)
Bruce Momjian <[EMAIL PROTECTED]> wrote:
> I think at a minimum we need to add documentation that states if you
> don't trust the local users on the postmaster server you should:
>
> o create unix domain socket files in a non-world-writable
>
>Tom Lane wrote:
>>range-checks are present only where needed for the backend to defend itself
Survival is very important, but so is maintaining data integrity. IMHO, data
validation should be as consistent as possible. If the backend refuses data on
one hand but allows it on the other, confu
A few months ago a security concern was sent to core. We have discussed
it but see little we can do to address it in the code so I am posting to
hackers in case there is something we didn't think of or if
documentation additions are necessary.
Most users understand that if they are connecting to
On Sat, Dec 22, 2007 at 02:07:28AM -0500, Francisco wrote:
> I'm working on a decoder to take a raw main/base file and given table format
> parameters to pull out relevant data.
>
> My question is whether anyone has developed such a tool. Something that
> takes the raw file and table format as inp
"Brian Hurt" <[EMAIL PROTECTED]> writes:
> 3) It's possible to perform the sort lazily. You have the initial O(N) pass
> over the list, but then each block is only O(log N) cost. If it's likely that
> only the first part of the result is needed, then much of the work can be
> avoided.
Now that'
This has been saved for the 8.4 release:
http://momjian.postgresql.org/cgi-bin/pgpatches_hold
---
Andrew Sullivan wrote:
> On Sun, Dec 16, 2007 at 12:31:11PM -0500, Tom Lane wrote:
> >
> > Well, I wouldn't advocate
28 matches