Am Freitag, 18. Januar 2008 schrieb Alvaro Herrera: > I propose to create a dangling symlink on system startup in > /tmp/.s.PGSQL.<port> to the real socket, which is not on a > world-writable directory. This avoids the spoofer, because he cannot > create the socket -- the symlink is occupying its place.
This approaches the issue from the wrong end. Spoofing attacks the client, so the defense must be in the client. If the defense of the client is to rely on a carefully configured server, then that might exclude some possible attack vectors, but it is not a defense the client can rely on. To look at this in another way, if we relied on every browser user to type in web addresses correctly and all server administrators to make sure their "socket address" cannot be hijacked, we wouldn't need SSL on the web. The proper approach, however, is to configure the client to only talk to servers that can prove their identity. -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
