David Fetter <david@fetter.org> writes:
> On Fri, Feb 26, 2016 at 04:55:23PM +0530, Robert Haas wrote:
>> On Wed, Feb 24, 2016 at 4:01 AM, David Fetter <david@fetter.org> wrote:
>>> I'm thinking that both the GUC check and the configure one should
>>> restrict it to [1024..65535].
>> Doesn't sound like a good idea to me. If somebody has a reason they
>> want to do that, they shouldn't have to hack the source code and
>> recompile to make it work.
> I'm not sure I understand a use case here.
> On *n*x, we already disallow running as root pretty aggressively,
> using the "have to hack the source code and recompile" level of effort
> you aptly described. This is just cleanup work on that project, as I
> see it.
> What am I missing?
You're assuming that every system under the sun prevents non-root
processes from opening ports below 1024. I do not know if that's
true, and even if it is, it doesn't seem to me that it's our job
to enforce it. I agree with Robert --- restricting to [1,65535]
is plenty good enough.
regards, tom lane