>>During the time between the daemon launch and it closing it's file
>>handles and calling setsid(2) (which some daemons don't do because
>>they are buggy) any other code running in the same UID could take over
>>the process via ptrace, fork off a child process that inherits the
>>administrator tty, and then stuff characters into the keyboard buffer
>>with ioctl(fd,TIOCSTI,&c) (*).
>
>
> (a) And there would be untrusted code running as postgres exactly why?
>
> (b) Seems to me the real security bug here is the mere existence of that
> ioctl call.
I was asked on IRC just why we can't have user=postgres and
group=postgres in the postgresql.conf, and simply when we are run as
root, switch to that user and group.
Chris