Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 3 Apr 2006 18:57:12 -0400
From:      Kris Kennaway <kris@obsecurity.org>
To:        Robert Watson <rwatson@FreeBSD.org>, Tom Lane <tgl@sss.pgh.pa.us>, "Marc G. Fournier" <scrappy@postgresql.org>, Kris Kennaway <kris@obsecurity.org>, freebsd-stable@FreeBSD.org, pgsql-hackers@postgresql.org
Subject:   Re: [HACKERS] semaphore usage "port based"?
Message-ID:  <20060403225712.GA63521@xor.obsecurity.org>
In-Reply-To: <20060403225145.GI4474@ns.snowman.net>
References:  <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403164139.D36756@fledge.watson.org> <14654.1144082224@sss.pgh.pa.us> <20060403194251.GF4474@ns.snowman.net> <20060403233540.D76562@fledge.watson.org> <20060403225145.GI4474@ns.snowman.net>

next in thread | previous in thread | raw e-mail | index | archive | help

--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 03, 2006 at 06:51:45PM -0400, Stephen Frost wrote:
> * Robert Watson (rwatson@FreeBSD.org) wrote:
> > On Mon, 3 Apr 2006, Stephen Frost wrote:
> > >This is certainly a problem with FBSD jails...  Not only the=20
> > >inconsistancy, but what happens if someone manages to get access to th=
e=20
> > >appropriate uid under one jail and starts sniffing or messing with the=
=20
> > >semaphores or shared memory segments from other jails?  If that's poss=
ible=20
> > >then that's a rather glaring security problem...
> >=20
> > This is why it's disabled by default, and the jail documentation=20
> > specifically advises of this possibility.  Excerpt below.
>=20
> Ah, I see, glad to see it's accurately documented.  Given the rather
> significant use of shared memory by Postgres it seems to me that
> jail'ing it under FBSD is unlikely to get you the kind of isolation
> between instances that you want (the assumption being that you want to
> avoid the possibility of a user under one jail impacting a user in
> another jail).  As such, I'd suggest finding something else if you
> truely need that isolation for Postgres or dropping the jails entirely.
>=20
> Running the Postgres instances under different uids (as you'd probably
> expect to do anyway if not using the jails) is probably the right
> approach.  Doing that and using jails would probably work, just don't
> delude yourself into thinking that you're safe from a malicious user in
> one jail.

Yes; however jails are still useful for administrative
compartmentalization even when you have to weaken their security
properties, such as here.

Kris

--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFEMahIWry0BWjoQKURApvoAJ9iEkzbS4hGoKBXoBoz5C/Pu414WwCfXyrJ
k7mbP9+JE+LgF216s3YmkFU=
=BMZO
-----END PGP SIGNATURE-----

--jRHKVT23PllUwdXP--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403225712.GA63521>