y...@netbsd.org (YAMAMOTO Takashi) writes:
>> On Fri, Apr 04, 2014 at 02:36:05AM +0000, YAMAMOTO Takashi wrote:
>>> openvswitch has some tricks to overcome the socket path length
>>> limitation using symlink.  (or procfs where available)
>>> iirc these were introduced for debian builds which use deep CWD.

>> That's another reasonable approach.  Does it have a notable advantage over
>> placing the socket in a subdirectory of /tmp?  Offhand, the security and
>> compatibility consequences look similar.

> an advantage is that the socket can be placed under CWD
> and thus automatically obeys its directory permissions etc.

I'm confused.  The proposed alternative is to make a symlink in /tmp
or someplace like that, pointing to a socket that might be deeply buried?
How is that any better from a security standpoint from putting the socket
right in /tmp?  If /tmp is not sticky then an attacker can replace the
symlink, no?

                        regards, tom lane

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to