On Sat, Feb 11, 2006 at 03:04:00PM +0100, Florian Weimer wrote:
> * Tom Lane:
>
> > Actually, it's "because it's certain to be there and be accessible to
> > unprivileged users".
>
> Isn't this a bit problematic because any local user can impersonate a
> PostgreSQL backend which has been shut down?
Well, I guess it's an issue. At least it's not suceptable to the
standard symlink attacks. There is in general no way of knowing if the
server you are connecting to is what you think it is (except via SSL
maybe?).
The good thing is that if you're using md5 auth they can't grab your
password. The bad thing is that the server decides the authentication
protocol :(. Man-in-the-middle attacks would only be feasable for
attacker that have the same UID as the postmaster (deleting the socket
and creating a new one over the top). In those cases there's little you
can do anyway.
Putting the socket in a directory owned by the postgres user does stop
other users impersonating the server. Currently, if two local users
both compile a postgres server, they may end up connecting to
eachothers servers :).
These no real way around this. The only real option would be moving to
a home directory but that would require knowing the username the server
is running under...
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.