[HACKERS] semaphore usage "port based"?

[Marc G. Fournier]

On Mon, 3 Apr 2006, Stephen Frost wrote:

> * Robert Watson (rwatson at FreeBSD.org) wrote:
>> On Mon, 3 Apr 2006, Stephen Frost wrote:
>>> This is certainly a problem with FBSD jails...  Not only the
>>> inconsistancy, but what happens if someone manages to get access to the
>>> appropriate uid under one jail and starts sniffing or messing with the
>>> semaphores or shared memory segments from other jails?  If that's possible
>>> then that's a rather glaring security problem...
>>
>> This is why it's disabled by default, and the jail documentation
>> specifically advises of this possibility.  Excerpt below.
>
> Ah, I see, glad to see it's accurately documented.  Given the rather
> significant use of shared memory by Postgres it seems to me that
> jail'ing it under FBSD is unlikely to get you the kind of isolation
> between instances that you want (the assumption being that you want to
> avoid the possibility of a user under one jail impacting a user in
> another jail).  As such, I'd suggest finding something else if you
> truely need that isolation for Postgres or dropping the jails entirely.
>
> Running the Postgres instances under different uids (as you'd probably
> expect to do anyway if not using the jails) is probably the right
> approach.  Doing that and using jails would probably work, just don't
> delude yourself into thinking that you're safe from a malicious user in
> one jail.

We don't ... we put all our databases on a central database server, even 
private ones, that nobody has shell access to ... we keep them isolated 
...

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy at hub.org           Yahoo!: yscrappy              ICQ: 7615664