Andrew Dunstan wrote:
>
>
> Alvaro Herrera wrote:
>> Andrew Dunstan wrote:
>>
>>
>>> I agree. I remain of the opinion that this is not a problem than can be
>>> solved purely within the bounds of postgres.
>>
>> I agree. Please comment on my proposed solution.
>
> I'm not sure tmp cleaners will work that well against a determined spoofer.
I don't understand. The tmp cleaner is something we have to _avoid_.
Let me repeat my proposal.
I propose to create a dangling symlink on system startup in
/tmp/.s.PGSQL.<port> to the real socket, which is not on a
world-writable directory. This avoids the spoofer, because he cannot
create the socket -- the symlink is occupying its place.
The only problem with this proposal is that the tmp cleaner would remove
the symlink. The solution to this is to configure the tmp cleaner so
that it doesn't do that.
It absolutely requires cooperation from the sysadmin, both to setup the
symlink initially, and to configure the tmp cleaner.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.