From owner-freebsd-stable@FreeBSD.ORG Mon Apr 3 22:50:36 2006
Date: Mon, 3 Apr 2006 18:51:45 -0400
From: Stephen Frost <sfrost@snowman.net>
To: Robert Watson
Cc: Tom Lane, "Marc G. Fournier", pgsql-hackers@postgresql.org, freebsd-stable@FreeBSD.org, Kris Kennaway
Message-ID: <20060403225145.GI4474@ns.snowman.net>
In-Reply-To: <20060403233540.D76562@fledge.watson.org>
Subject: Re: [HACKERS] semaphore usage "port based"?
* Robert Watson (rwatson@FreeBSD.org) wrote:
> On Mon, 3 Apr 2006, Stephen Frost wrote:
> > This is certainly a problem with FBSD jails... Not only the
> > inconsistency, but what happens if someone manages to get access to the
> > appropriate uid under one jail and starts sniffing or messing with the
> > semaphores or shared memory segments from other jails? If that's possible
> > then that's a rather glaring security problem...
>
> This is why it's disabled by default, and the jail documentation
> specifically advises of this possibility. Excerpt below.

Ah, I see, glad to see it's accurately documented.

Given the rather significant use of shared memory by Postgres it seems to me that jail'ing it under FBSD is unlikely to get you the kind of isolation between instances that you want (the assumption being that you want to avoid the possibility of a user under one jail impacting a user in another jail). As such, I'd suggest finding something else if you truly need that isolation for Postgres, or dropping the jails entirely. Running the Postgres instances under different uids (as you'd probably expect to do anyway if not using the jails) is probably the right approach. Doing that and using jails would probably work; just don't delude yourself into thinking that you're safe from a malicious user in one jail.
Thanks,

Stephen
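A small audit script for the two points raised in the message, added here as an example and not part of the thread or of either project's tooling. It checks whether jails on a host may reach the host's SysV IPC at all, and whether several Postgres instances share one owner uid for their shared memory segments (in which case a compromise of one instance reaches the others' buffers whether or not jails are in use). Assumptions not on the page: the FreeBSD sysctl name `security.jail.sysvipc_allowed` (the knob jail(8) documents for this), the column layout of `ipcs -m` (`T ID KEY MODE OWNER GROUP`), and both sample outputs, which are constructed so the script runs without a FreeBSD host.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Audits two things the
# message warns about: (1) whether jails may touch host SysV IPC at all, and
# (2) whether PostgreSQL shared memory segments are split across distinct uids.
# Assumptions: the FreeBSD sysctl name security.jail.sysvipc_allowed and the
# `ipcs -m` column layout (T ID KEY MODE OWNER GROUP). Both sample outputs are
# constructed so the script runs without a FreeBSD host; on a real host, feed
# it the output of `sysctl security.jail.sysvipc_allowed` and `ipcs -m`.

# Constructed sample: an operator has turned the knob on.
SAMPLE_SYSCTL='security.jail.sysvipc_allowed: 1'

# Constructed sample of `ipcs -m`: two Postgres instances run as the same uid
# ("pgsql"), a third as its own uid ("pgsql2").
SAMPLE_IPCS='Shared Memory:
T           ID     KEY        MODE       OWNER    GROUP
m        65536 5432001    --rw------- pgsql    pgsql
m        65537 5433001    --rw------- pgsql    pgsql
m        65538 5434001    --rw------- pgsql2   pgsql2'

# jail_ipc_state "<sysctl output>": prints "shared" when jails can reach host
# SysV IPC (value 1), "isolated" otherwise (value 0 or knob absent).
jail_ipc_state() {
    printf '%s\n' "$1" | awk -F': *' '
        /sysvipc_allowed/ { v = $2 }
        END { r = (v == "1") ? "shared" : "isolated"; print r }'
}

# shared_uid_owners "<ipcs -m output>": prints each owner holding more than one
# shared memory segment, i.e. a uid under which several instances run.
# Mode --rw------- only keeps *other* uids out, so two instances under the same
# uid can attach to each other's segments regardless of jail boundaries.
shared_uid_owners() {
    printf '%s\n' "$1" \
        | awk '$1 == "m" { n[$5]++ } END { for (o in n) if (n[o] > 1) print o }' \
        | sort
}

# Stand-alone run over the constructed samples.
echo "jail SysV IPC: $(jail_ipc_state "$SAMPLE_SYSCTL")"
for owner in $(shared_uid_owners "$SAMPLE_IPCS"); do
    echo "WARNING: multiple Postgres segments owned by uid '$owner'; split instances across uids"
done
```

On the sample data the script reports the host as `shared` and flags `pgsql`; the fix the message recommends is to give each instance its own uid so that the `--rw-------` mode on its segments actually separates them, and to leave the sysctl at its default of 0 unless a jail genuinely needs host IPC.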