Re: abstract Unix-domain sockets
| От | Andreas Karlsson |
|---|---|
| Тема | Re: abstract Unix-domain sockets |
| Дата | |
| Msg-id | 3d24b59c-3e35-1dd0-763b-5f65e1d89422@proxel.se обсуждение исходный текст |
| Ответ на | Re: abstract Unix-domain sockets (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) |
| Список | pgsql-hackers |
On 11/9/20 9:04 AM, Peter Eisentraut wrote: > On 2020-11-09 07:08, Michael Paquier wrote: >> As abstract namespaces don't have permissions, anyone knowing the name >> of the path, which should be unique, can have an access to the server. >> Do you think that the documentation should warn the user about that? >> This feature is about easing the management part of the socket paths >> while throwing away the security aspect of it. > > We could modify the documentation further. But note that the > traditional way of putting the socket into /tmp has the same properties, > so this shouldn't be a huge shock. One issue with them is that they interact differently with kernel namespaces than normal unix sockets do. Abstract sockets are handled by the network namespaces, and not the file system namespaces. But I am not sure that this is our job to document. Andreas
В списке pgsql-hackers по дате отправления: