From: Stephen Frost
To: "Marc G. Fournier"
Cc: Tom Lane, Kris Kennaway, Robert Watson, freebsd-stable@FreeBSD.org, pgsql-hackers@postgresql.org
Date: Mon, 3 Apr 2006 21:19:04 -0400
Subject: Re: [HACKERS] semaphore usage "port based"?

* Marc G. Fournier (scrappy@postgresql.org) wrote:
> On Mon, 3 Apr 2006, Stephen Frost wrote:
> >Running the Postgres instances under different uids (as you'd probably
> >expect to do anyway if not using the jails) is probably the right
> >approach. Doing that and using jails would probably work, just don't
> >delude yourself into thinking that you're safe from a malicious user in
> >one jail.
>
> We don't ... we put all our databases on a central database server, even
> private ones, that nobody has shell access to ... we keep them isolated
> ...

I guess what I was trying to get at is this:

Running 2 Postgres instances under FreeBSD with (or without really, but I guess that's more obvious) jails but with the same UID is a bad idea. Even if Postgres could be modified to allow this to work you're going to be in a position where the jail isn't really helping much except to give a somewhat false (in this case) sense of security. We probably shouldn't encourage it and in fact it's something of a nice feature that it breaks.

The reasoning is pretty simple: if someone manages to get control of one of the Postgres instances they're going to be able to wreak havoc on the other. With different UIDs, with or without jails, this would be much more difficult (need to get root first).

Running 2 Postgres instances under FreeBSD with jails *and* different UIDs is *probably* better than w/o jails but since you have to enable the single-instance IPC system it might not be that great of a benefit over a simple chroot or similar.

Hope that helps...

	Thanks,

		Stephen
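
The UID reasoning in the message above, as an added example that is not part of the original e-mail or of PostgreSQL or FreeBSD code: it creates a private SysV semaphore set with mode 0600, reads back the ownership the kernel recorded, and evaluates a same-UID caller and a different non-root caller against it. `sysv_allows` and `audit_private_sem` are hypothetical names, and the check is a simplified model of the classic mode-bit rule that assumes one IPC namespace shared by all jails and no additional MAC policy.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <unistd.h>

/* Own union for semctl(): FreeBSD declares "union semun", Linux does not. */
union sem_arg { int val; struct semid_ds *buf; unsigned short *array; };

/* Simplified model (this example's assumption, not kernel source) of the SysV
 * mode check: owner/creator UID -> owner bits, matching GID -> group bits,
 * else "other" bits; uid 0 bypasses. No jail is an input. want: 4=read, 2=alter. */
static int sysv_allows(const struct ipc_perm *p, uid_t uid, gid_t gid, int want)
{
    int shift = 0;                      /* "other" bits unless a match below */
    if (uid == 0)
        return 1;
    if (uid == p->uid || uid == p->cuid)
        shift = 6;
    else if (gid == p->gid || gid == p->cgid)
        shift = 3;
    return ((p->mode >> shift) & want) == want;
}

/* Create a 0600 set as a private server would, read back what the kernel
 * recorded, and evaluate two callers. Returns 0, or -1 if SysV IPC fails. */
static int audit_private_sem(uid_t other_uid, gid_t other_gid, int *same_ok, int *other_ok)
{
    struct semid_ds ds;
    union sem_arg arg = { .buf = &ds };
    int rc, id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
    if (id < 0)
        return -1;
    rc = semctl(id, 0, IPC_STAT, arg);
    if (rc == 0) {
        *same_ok = sysv_allows(&ds.sem_perm, geteuid(), getegid(), 4 | 2);
        *other_ok = sysv_allows(&ds.sem_perm, other_uid, other_gid, 4 | 2);
    }
    semctl(id, 0, IPC_RMID);            /* always remove the test set */
    return rc;
}

int main(void)
{
    int same = 0, other = 0;
    if (audit_private_sem(geteuid() + 1, getegid() + 1, &same, &other) != 0)
        return perror("SysV semaphores"), 1;
    printf("same uid allowed: %d, different non-root uid allowed: %d\n", same, other);
    return 0;
}
```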