Re: semaphore usage "port based"?
| From | Stephen Frost |
|---|---|
| Subject | Re: semaphore usage "port based"? |
| Date | |
| Msg-id | 20060411195134.GD4474@ns.snowman.net |
| In response to | Re: semaphore usage "port based"? (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Responses | Re: semaphore usage "port based"? |
| List | pgsql-hackers |
* Bruce Momjian (pgman@candle.pha.pa.us) wrote:
> I updated the wording to say 'non-root users':
>
> If running in FreeBSD jails by enabling <application>sysconf</>'s
> <literal>security.jail.sysvipc_allowed</>, <application>postmaster</>s
> running in different jails should be run by different operating system
> users. This improves security because it prevents non-root users
> from interfering with shared memory or semaphores in a different jail,
> and it allows the PostgreSQL IPC cleanup code to function properly.
> (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect
> processes in other jails, preventing the running of postmasters on the
> same port in different jails.)
You're still saying it'll do something that it won't... It doesn't
prevent non-root users from messing with each other if they're the same
UID, even if they're under different jails... That's the whole problem
here. :)
Thanks,
Stephen
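
A check for the condition discussed in this message, as an added example that is not part of the original post or of PostgreSQL: it lists UIDs that run a postmaster in more than one jail. It assumes process listings in the `JID UID COMMAND` form printed by FreeBSD's `ps -axo jid,uid,comm`, and that the server's command name is `postgres` or `postmaster`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report UIDs that run a postmaster in more than one jail.
# Assumed input: one "JID UID COMMAND" line per process, e.g. from
#   ps -axo jid,uid,comm
# JID 0 is the unjailed host and is counted like any other JID.

find_shared_uids() {
    awk '
        NR == 1 && $1 == "JID" { next }          # skip the ps header line
        $3 == "postmaster" || $3 == "postgres" {
            key = $2 SUBSEP $1
            if (!(key in seen)) {                # count each (uid, jid) pair once
                seen[key] = 1
                njails[$2]++
                jails[$2] = (jails[$2] == "" ? $1 : jails[$2] "," $1)
            }
        }
        END {
            for (uid in njails)
                if (njails[uid] > 1)             # same UID seen in 2+ jails
                    printf "uid=%s jails=%s\n", uid, jails[uid]
        }
    ' | sort
}

# Constructed sample listing (not real output from any system).
sample_ps_output() {
    cat <<'EOF'
JID UID COMMAND
  0   0 init
  1  70 postgres
  1  70 postgres
  2  70 postgres
  3 1001 postgres
  3 1001 sh
  4 1002 postmaster
EOF
}

sample_ps_output | find_shared_uids
```

On a live host the function would be fed `ps -axo jid,uid,comm` instead of the sample; any line it prints names a UID whose postmasters in the listed jails are not separated by operating system user.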