Commit 8e9c7fe

Document the idea of creating a symbolic link in /tmp to prevent server
spoofing when the socket file has been moved.
1 parent 7ae4318, commit 8e9c7fe

1 file changed, +11 -2 lines changed

‎doc/src/sgml/runtime.sgml

Lines changed: 11 additions & 2 deletions
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.403 2008/01/24 06:23:32 petere Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.404 2008/01/31 17:22:43 momjian Exp $ -->
22

33
<chapter Id="runtime">
44
<title>Operating System Environment</title>
@@ -1397,7 +1397,16 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
13971397
connections is to use a Unix domain socket directory (<xref
13981398
linkend="guc-unix-socket-directory">) that has write permission only
13991399
for a trusted local user. This prevents a malicious user from creating
1400-
their own socket file in that directory. For TCP connections the server
1400+
their own socket file in that directory. If you are concerned that
1401+
some applications might still look in <filename>/tmp</> for the
1402+
socket file and hence be vulnerable to spoofing, create a symbolic link
1403+
during operating system startup in <filename>/tmp</> that points to
1404+
the relocated socket file. You also might need to modify your
1405+
<filename>/tmp</> cleanup script to preserve the symbolic link.
1406+
</para>
1407+
1408+
<para>
1409+
For TCP connections the server
14011410
must accept only <literal>hostssl</> connections (<xref
14021411
linkend="auth-pg-hba-conf">) and have SSL
14031412
<filename>server.key</filename> (key) and
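
Review bot: The new text at 1402-1404 says to create the symbolic link "during operating system startup" but never says why the timing matters. The sentence itself notes that applications looking in /tmp are "vulnerable to spoofing", so the link only protects them if it already exists before an untrusted local user can create a file of that name there; suggest stating that directly. The same reasoning belongs with the cleanup-script sentence at 1404-1405, since a removed link leaves the name free again until the next startup. Two smaller points: "points to the relocated socket file" would be clearer with a reference back to the unix-socket-directory setting cited a few lines above, and "You also might need" reads better as "You might also need".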
