Tom Lane wrote:
> Sam Mason <sam@xxxxxxxxxxxxx> writes:
>> + if (portnum < 1 || portnum > 65535)
>
> BTW, it strikes me that we could tighten this even more by rejecting
> target ports below 1024. This is guaranteed safe on all Unix systems
> I know of, because privileged ports can only be listened to by root-owned
> processes and we know the postmaster won't be one.
This is just an aside.
The recent Linux system allows to assign a part of root privileges (called
as capabilities) on a certain process.
Example)
# setcap cap_net_bind_service=ep /usr/local/pgsql/bin/postgres
<-- it allows anyone to launch postmaster with cap_net_bind_service capability.
$ pg_ctl -o "-i -p 100" start
$ psql postgres -p 100
psql (8.5devel)
Type "help" for help.
postgres=#
> Even if it's possible, do we want to allow it?
I cannot find any merits.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
