Magnus Hagander wrote:
> > Most kinds of server processes where you'd send sensitive information do
> > support SSL. Most of these server processes don't run over Unix-domain
> > sockets, though.
>
> Well, the question is not about sensitive information, is it? It's about
> password disclosure due to spoofing.
I included passwords as sensitive information.
> Which would affect *all* services
> that accept passwords over any kind of local connections - both unix
> sockets and TCP localhost.
These services either use a protected port or a protected directory, or they
support SSL or something similar (SSH), or they are deprecated, as many
traditional Unix services are. If you find a service that is not covered by
this, then yes, you have a problem.
> The best way to avoid it is of course not to give untrusted users access
> to launch arbitrary processes on your server. Something about that
> should perhaps be added to that new docs section?
That is pretty impractical. PostgreSQL is designed to run on multiuser
operating systems, so it should do it correctly. Such suggestions do not
raise confidence.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/