Date: Mon, 3 Apr 2006 18:57:12 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Robert Watson <rwatson@FreeBSD.org>, Tom Lane <tgl@sss.pgh.pa.us>, "Marc G. Fournier" <scrappy@postgresql.org>, Kris Kennaway <kris@obsecurity.org>, freebsd-stable@FreeBSD.org, pgsql-hackers@postgresql.org Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <20060403225712.GA63521@xor.obsecurity.org> In-Reply-To: <20060403225145.GI4474@ns.snowman.net> References: <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403164139.D36756@fledge.watson.org> <14654.1144082224@sss.pgh.pa.us> <20060403194251.GF4474@ns.snowman.net> <20060403233540.D76562@fledge.watson.org> <20060403225145.GI4474@ns.snowman.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 03, 2006 at 06:51:45PM -0400, Stephen Frost wrote: > * Robert Watson (rwatson@FreeBSD.org) wrote: > > On Mon, 3 Apr 2006, Stephen Frost wrote: > > >This is certainly a problem with FBSD jails... Not only the=20 > > >inconsistancy, but what happens if someone manages to get access to th= e=20 > > >appropriate uid under one jail and starts sniffing or messing with the= =20 > > >semaphores or shared memory segments from other jails? If that's poss= ible=20 > > >then that's a rather glaring security problem... > >=20 > > This is why it's disabled by default, and the jail documentation=20 > > specifically advises of this possibility. Excerpt below. >=20 > Ah, I see, glad to see it's accurately documented. Given the rather > significant use of shared memory by Postgres it seems to me that > jail'ing it under FBSD is unlikely to get you the kind of isolation > between instances that you want (the assumption being that you want to > avoid the possibility of a user under one jail impacting a user in > another jail). As such, I'd suggest finding something else if you > truely need that isolation for Postgres or dropping the jails entirely. >=20 > Running the Postgres instances under different uids (as you'd probably > expect to do anyway if not using the jails) is probably the right > approach. Doing that and using jails would probably work, just don't > delude yourself into thinking that you're safe from a malicious user in > one jail. Yes; however jails are still useful for administrative compartmentalization even when you have to weaken their security properties, such as here. Kris --jRHKVT23PllUwdXP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFEMahIWry0BWjoQKURApvoAJ9iEkzbS4hGoKBXoBoz5C/Pu414WwCfXyrJ k7mbP9+JE+LgF216s3YmkFU= =BMZO -----END PGP SIGNATURE----- --jRHKVT23PllUwdXP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403225712.GA63521>