David Fetter <da...@fetter.org> writes: > On Fri, Feb 26, 2016 at 04:55:23PM +0530, Robert Haas wrote: >> On Wed, Feb 24, 2016 at 4:01 AM, David Fetter <da...@fetter.org> wrote: >>> I'm thinking that both the GUC check and the configure one should >>> restrict it to [1024..65535].
>> Doesn't sound like a good idea to me. If somebody has a reason they >> want to do that, they shouldn't have to hack the source code and >> recompile to make it work. > I'm not sure I understand a use case here. > On *n*x, we already disallow running as root pretty aggressively, > using the "have to hack the source code and recompile" level of effort > you aptly described. This is just cleanup work on that project, as I > see it. > What am I missing? You're assuming that every system under the sun prevents non-root processes from opening ports below 1024. I do not know if that's true, and even if it is, it doesn't seem to me that it's our job to enforce it. I agree with Robert --- restricting to [1,65535] is plenty good enough. regards, tom lane -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers