Re: abstract Unix-domain sockets
Andreas Karlsson <andreas@proxel.se>
From: Andreas Karlsson <andreas@proxel.se>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
Michael Paquier <michael@paquier.xyz>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2020-11-09T15:58:06Z
Lists: pgsql-hackers
On 11/9/20 9:04 AM, Peter Eisentraut wrote: > On 2020-11-09 07:08, Michael Paquier wrote: >> As abstract namespaces don't have permissions, anyone knowing the name >> of the path, which should be unique, can have an access to the server. >> Do you think that the documentation should warn the user about that? >> This feature is about easing the management part of the socket paths >> while throwing away the security aspect of it. > > We could modify the documentation further. But note that the > traditional way of putting the socket into /tmp has the same properties, > so this shouldn't be a huge shock. One issue with them is that they interact differently with kernel namespaces than normal unix sockets do. Abstract sockets are handled by the network namespaces, and not the file system namespaces. But I am not sure that this is our job to document. Andreas
Commits
-
Add support for abstract Unix-domain sockets
- c9f0624bc2f5 14.0 landed
-
Make error hint from bind() failure more accurate
- d5d91acdccae 14.0 landed
-
Remove obsolete ifdefs
- 555eb1a4f011 14.0 landed