y...@netbsd.org (YAMAMOTO Takashi) writes:
>> On Fri, Apr 04, 2014 at 02:36:05AM +0000, YAMAMOTO Takashi wrote:
>>> openvswitch has some tricks to overcome the socket path length
>>> limitation using symlink. (or procfs where available)
>>> iirc these were introduced for debian builds which use deep CWD.

>> That's another reasonable approach. Does it have a notable advantage over
>> placing the socket in a subdirectory of /tmp? Offhand, the security and
>> compatibility consequences look similar.

> an advantage is that the socket can be placed under CWD
> and thus automatically obeys its directory permissions etc.

I'm confused. The proposed alternative is to make a symlink in /tmp
or someplace like that, pointing to a socket that might be deeply buried?
How is that any better from a security standpoint from putting the
socket right in /tmp?

If /tmp is not sticky then an attacker can replace the symlink, no?

regards, tom lane

--
Sent via pgsql-hackers mailing list (firstname.lastname@example.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
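
The sticky-bit question raised in the message above, written out as a check. This is an added example, not code from PostgreSQL or openvswitch; the function names dir_protects_entries and socket_symlink_is_safe are hypothetical. It tests whether a symlink to a socket sits in a directory where another local user could unlink and replace it.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat(), S_ISVTX, dirname() */
#endif
#include <libgen.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Can a different unprivileged user remove or replace an entry that `me`
 * created in a directory with this mode and owner? Returns 1 if not. */
int dir_protects_entries(mode_t mode, uid_t dir_owner, uid_t me)
{
    if (!S_ISDIR(mode))
        return 0;
    /* The directory's owner can always rename or unlink its entries. */
    if (dir_owner != me && dir_owner != 0)
        return 0;
    /* Group/world-writable is acceptable only with the sticky bit, which
     * restricts unlink/rename to the entry owner, the dir owner and root. */
    if ((mode & (S_IWGRP | S_IWOTH)) && !(mode & S_ISVTX))
        return 0;
    return 1;
}

/* Returns 1 if `linkpath` is a symlink owned by the caller inside a
 * directory where other users cannot swap it out, 0 otherwise. */
int socket_symlink_is_safe(const char *linkpath)
{
    struct stat lst, dst;
    char buf[4096];
    uid_t me = geteuid();

    if (lstat(linkpath, &lst) != 0 || !S_ISLNK(lst.st_mode))
        return 0;
    if (lst.st_uid != me)           /* someone else planted this link */
        return 0;
    if (snprintf(buf, sizeof buf, "%s", linkpath) >= (int) sizeof buf)
        return 0;                   /* path too long to examine */
    /* dirname() may modify buf; stat() follows a symlinked parent so the
     * directory that actually holds the link is the one examined. */
    if (stat(dirname(buf), &dst) != 0)
        return 0;
    return dir_protects_entries(dst.st_mode, dst.st_uid, me);
}
```

The check covers only the link and its immediate parent directory at the moment it runs; ancestor directories and the directory holding the real socket need the same scrutiny.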