|
1 |
| -<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.403 2008/01/24 06:23:32 petere Exp $ --> |
| 1 | +<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.404 2008/01/31 17:22:43 momjian Exp $ --> |
2 | 2 |
|
3 | 3 | <chapter Id="runtime">
|
4 | 4 | <title>Operating System Environment</title>
|
@@ -1397,7 +1397,16 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
|
1397 | 1397 | connections is to use a Unix domain socket directory (<xref
|
1398 | 1398 | linkend="guc-unix-socket-directory">) that has write permission only
|
1399 | 1399 | for a trusted local user. This prevents a malicious user from creating
|
1400 |
| - their own socket file in that directory. For TCP connections the server |
| 1400 | + their own socket file in that directory. If you are concerned that |
| 1401 | + some applications might still look in <filename>/tmp</> for the |
| 1402 | + socket file and hence be vulnerable to spoofing, create a symbolic link |
| 1403 | + during operating system startup in <filename>/tmp</> that points to |
| 1404 | + the relocated socket file. You also might need to modify your |
| 1405 | + <filename>/tmp</> cleanup script to preserve the symbolic link. |
| 1406 | + </para> |
| 1407 | + |
| 1408 | + <para> |
| 1409 | + For TCP connections the server |
1401 | 1410 | must accept only <literal>hostssl</> connections (<xref
|
1402 | 1411 | linkend="auth-pg-hba-conf">) and have SSL
|
1403 | 1412 | <filename>server.key</filename> (key) and
|
|
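Review bot: In the added text at new lines 1400-1405, the symbolic-link advice leaves timing and ownership unstated. "During operating system startup" does not say that the link has to exist in <filename>/tmp</> before any untrusted local user can create a file at the same path, which is the spoofing case this paragraph is about. Suggest saying that the link is created by a trusted user early in startup, and naming the socket file the link must match so readers know what to create. The cleanup-script sentence could also state why it matters: once the link is deleted, that path in <filename>/tmp</> is free for another user to claim. Minor style point: "You also might need to" reads better as "You might also need to".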