Re: Spoofing as the postmaster

Magnus Hagander <magnus@hagander.net> writes:
> Peter Eisentraut wrote:
>> These services either use a protected port or a protected directory, or they
>> support SSL or something similar (SSH), or they are deprecated, as many 
>> traditional Unix services are.  If you find a service that is not covered by
>> this, then yes, you have a problem.

> It's certainly the default on my SQL Servers. And Sybase. AFAIK it's the
> default on MySQL,

Nyet.  I find this in configure.in in mysql 5.0.45 (reasonably current):

# The port should be constant for a LONG time
MYSQL_TCP_PORT_DEFAULT=3306
MYSQL_UNIX_ADDR_DEFAULT="/tmp/mysql.sock"

I see that Red Hat's RPM specfile overrides that:--with-unix-socket-path=/var/lib/mysql/mysql.sock
which was a decision that was taken long before I had anything to do
with it.  Note that neither the out-of-the-box default nor the
RH-modified convention appear to support multiple servers on the same
box with any degree of convenience; the server doesn't adjust the path
name depending on port number.
        regards, tom lane