* Bruce Momjian (pgman@candle.pha.pa.us) wrote:
> I updated the wording to say 'non-root users':
>
> If running in FreeBSD jails by enabling <application>sysconf</>'s
> <literal>security.jail.sysvipc_allowed</>, <application>postmaster</>s
> running in different jails should be run by different operating system
> users. This improves security because it prevents non-root users
> from interfering with shared memory or semaphores in a different jail,
> and it allows the PostgreSQL IPC cleanup code to function properly.
> (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect
> processes in other jails, preventing the running of postmasters on the
> same port in different jails.)
You're still saying it'll do something that it won't... It doesn't
prevent non-root users from messing with each other if they're the same
UID, even if they're under different jails... That's the whole problem
here. :)
Thanks,
Stephen