1
0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00

Update spoofing /tmp symlink instructions to be more specific about the

name of the needed symlink file.
This commit is contained in:
Bruce Momjian
2008-01-31 23:03:16 +00:00
parent 06462f51e3
commit 162dc31428

View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.404 2008/01/31 17:22:43 momjian Exp $ --> <!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.405 2008/01/31 23:03:16 momjian Exp $ -->
<chapter Id="runtime"> <chapter Id="runtime">
<title>Operating System Environment</title> <title>Operating System Environment</title>
@ -1398,10 +1398,10 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
linkend="guc-unix-socket-directory">) that has write permission only linkend="guc-unix-socket-directory">) that has write permission only
for a trusted local user. This prevents a malicious user from creating for a trusted local user. This prevents a malicious user from creating
their own socket file in that directory. If you are concerned that their own socket file in that directory. If you are concerned that
some applications might still look in <filename>/tmp</> for the some applications might still reference <filename>/tmp</> for the
socket file and hence be vulnerable to spoofing, create a symbolic link socket file and hence be vulnerable to spoofing, during operating system
during operating system startup in <filename>/tmp</> that points to startup create symbolic link <filename>/tmp/.s.PGSQL.5432</> that points
the relocated socket file. You also might need to modify your to the relocated socket file. You also might need to modify your
<filename>/tmp</> cleanup script to preserve the symbolic link. <filename>/tmp</> cleanup script to preserve the symbolic link.
</para> </para>