Re: OpenBSD Trusted Path Execution (TPE) compatibility?
| От | Joshua Jore |
|---|---|
| Тема | Re: OpenBSD Trusted Path Execution (TPE) compatibility? |
| Дата | |
| Msg-id | Pine.BSO.4.33.0107052014140.21473-100000@aaieee.daisy-chan.org обсуждение исходный текст |
| Ответ на | Re: OpenBSD Trusted Path Execution (TPE) compatibility? (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-general |
Nah, the restriction is only on fd 0 which isn't going to happen in reads to real files. I've got it figured out now - unless I write some code for PostgreSQL and don't let root own it (not run it, the postgresql user does that) then I don't have to trust the daemon user. Thanks for the suggestion tho. It's been an education ;-) Josh On Thu, 5 Jul 2001, Peter Eisentraut wrote: > Joshua Jore writes: > > > Prevent execution of binaries that are in directories not owned by root > > Prevents interpreters from reading from STDIN > > Protect most proc info and *stat stuff > > Strips LD_PRELOAD and LD_LIBRARY_PATH > > > > Is there any reason that PostgreSQL or postmaster would have a problem > > with this > > You might have trouble with the second item if you're using passwords, > since those have to come from stdin somehow. But your description is too > vague to tell. The others shouldn't pose any problems. > > -- > Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html >
В списке pgsql-general по дате отправления: