Date: Mon, 3 Apr 2006 18:51:45 -0400 From: Stephen Frost <sfrost@snowman.net> To: Robert Watson <rwatson@FreeBSD.org> Cc: Tom Lane <tgl@sss.pgh.pa.us>, "Marc G. Fournier" <scrappy@postgresql.org>, pgsql-hackers@postgresql.org, freebsd-stable@FreeBSD.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <20060403225145.GI4474@ns.snowman.net> In-Reply-To: <20060403233540.D76562@fledge.watson.org> References: <26985.1144029657@sss.pgh.pa.us> <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403164139.D36756@fledge.watson.org> <14654.1144082224@sss.pgh.pa.us> <20060403194251.GF4474@ns.snowman.net> <20060403233540.D76562@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--lz57agH/f2uIVKk9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Robert Watson (rwatson@FreeBSD.org) wrote: > On Mon, 3 Apr 2006, Stephen Frost wrote: > >This is certainly a problem with FBSD jails... Not only the=20 > >inconsistancy, but what happens if someone manages to get access to the= =20 > >appropriate uid under one jail and starts sniffing or messing with the= =20 > >semaphores or shared memory segments from other jails? If that's possib= le=20 > >then that's a rather glaring security problem... >=20 > This is why it's disabled by default, and the jail documentation=20 > specifically advises of this possibility. Excerpt below. Ah, I see, glad to see it's accurately documented. Given the rather significant use of shared memory by Postgres it seems to me that jail'ing it under FBSD is unlikely to get you the kind of isolation between instances that you want (the assumption being that you want to avoid the possibility of a user under one jail impacting a user in another jail). As such, I'd suggest finding something else if you truely need that isolation for Postgres or dropping the jails entirely. Running the Postgres instances under different uids (as you'd probably expect to do anyway if not using the jails) is probably the right approach. Doing that and using jails would probably work, just don't delude yourself into thinking that you're safe from a malicious user in one jail. Thanks, Stephen --lz57agH/f2uIVKk9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEMacBrzgMPqB3kigRAuW/AJ9oCMErPFtdaSQwsNvY2axRTcWQgACdFykp QOhIQsmJcjvCbj5WU58p5Sg= =rr2b -----END PGP SIGNATURE----- --lz57agH/f2uIVKk9--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403225145.GI4474>