Re: vulnerability/SSL

From Magnus Hagander
Subject Re: vulnerability/SSL
Date
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE6C7638@algol.sollentuna.se
In response to vulnerability/SSL  (dong changyu <dcy1_1999@yahoo.com>)
Responses Re: vulnerability/SSL
List pgsql-general
> > Yes, that is correct - runas is similar to su. But in order to do
> > "runas", you need the service account's password. Once you are "root"
> > on a unix system, you can do "su - user" *without* the password.
> > That's a big difference.
> > (You can also use the postgres account's smartcard, if you are using
> > smartcard logins, but the deal is that you need *something* that is
> > normally private to the account - even if you are an administrator)
>
> Is that at application level or system level? You know I can
> install a patched su that asks root for passwords as well,
> but the problem is with the seteuid() system call, not su.
> You can (with SELinux) limit root powers a lot, but that's
> not the point.

I think it's at the system level. At least there is no API to do it.

> > I guess we could read in the password ourselves and drop it in our
> > shared memory segment to pass to subprocesses - though that means they
> > can get to the password easier as well. Assuming OpenSSL has the APIs
> > for that, I haven't checked that. I'm unconvinced it makes enough of a
> > difference to be worthwhile, though.
> > (BTW, am I correct in reading this as a problem that only appears on
> > win32, because of the exec nature of the backend, right? Or does it
> > show up on Unix as well?)
>
> Is the Unix version much different? I think the postmaster
> just forks and execs the backends.

It forks. It doesn't exec. As such, it inherits all the memory from the
postmaster.

> But, aren't connections
> handled by the postmaster? All the SSL thing should happen
> before the fork I think. Is the Windows model different? Do
> backends handle SSL negotiation?

On win32 we do fork() + exec(), and the OpenSSL library requires a new
initialization, including reading the key. I should say I'm speaking
from memory of stuff I looked at a long time ago, though - it could
probably do with someone looking through exactly how it is now ;-)

IIRC, the problem is that the openssl structs contain function pointers,
which are not guaranteed to point to the same thing in the child.

//Magnus
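
The fork versus fork-plus-exec difference described in this message, as an added example that is not part of the original post or PostgreSQL's code. The key string, the temporary path and the use of cat as the new process image are constructed for illustration; unlinking the file is an assumption that stands in for a passphrase available only at startup.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_KEY "constructed-demo-key"   /* constructed stand-in, not a real key */
static char key_in_memory[64];            /* what the parent holds after startup */

/* Parent startup: read the key once, then unlink the file so nothing can
 * re-read it later. tmpl is a mkstemp() template, overwritten with the path. */
int load_key_once(char *tmpl) {
    int fd = mkstemp(tmpl);
    ssize_t n = -1;
    if (fd < 0) return -1;
    if (write(fd, DEMO_KEY, strlen(DEMO_KEY)) == (ssize_t)strlen(DEMO_KEY) &&
        lseek(fd, 0, SEEK_SET) == 0)
        n = read(fd, key_in_memory, sizeof key_in_memory - 1);
    close(fd);
    unlink(tmpl);
    if (n >= 0) key_in_memory[n] = '\0';
    return n < 0 ? -1 : 0;
}

/* do_exec == 0: fork only; the child checks the memory it inherited.
 * do_exec == 1: fork + exec; the new image has none of the parent's memory and
 * must go back to the file. Returns 1 if the child got the key, 0 if not. */
int child_has_key(const char *path, int do_exec) {
    int status;
    fflush(NULL);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (!do_exec) _exit(strcmp(key_in_memory, DEMO_KEY) == 0 ? 0 : 1);
        close(2);                         /* hide cat's "No such file" message */
        execlp("cat", "cat", path, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) {
    char path[] = "/tmp/demo_key_XXXXXX";
    if (load_key_once(path) != 0) return 1;
    printf("fork only: %d, fork + exec: %d\n", child_has_key(path, 0), child_has_key(path, 1));
    return 0;
}
```

The forked child reports the key as present because it inherits the parent's memory; the exec'd child does not, which is why a backend started that way has to load the key again.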
