Re: vulnerability/SSL


> > Yes, that is correct - runas is similar to su. But in order to do
> > "runas", you need the service account's password. Once you are "root"
> > on a unix system, you can do "su - user" *without* the password.
> > That's a big difference.
> > (You can also use the postgres account's smartcard, if you are using
> > smartcard logins, but the deal is that you need *something* that is
> > normally private to the account - even if you are an administrator)
> 
> Is that at application level or system level? You know I can 
> install a patched su that asks root for passwords as well, 
> but the problem is with the seteuid() system call, not su. 
> You can (with SELinux) limit root powers a lot, but that's 
> not the point.

I think it's at the system level. At least there is no API to do it. 

> > I guess we could read in the password ourselves and drop it in our
> > shared memory segment to pass to subprocesses - though that means they
> > can get to the password easier as well. Assuming OpenSSL has the APIs
> > for that, I haven't checked that. I'm unconvinced it makes enough of a
> > difference to be worthwhile, though.
> > (BTW, am I correct in reading this as a problem that only appears on
> > win32, because of the exec nature of the backend, right? Or does it
> > show up on Unix as well?)
> 
> Is the Unix version much different? I think the postmaster 
> just forks and execs the backends.

It forks. It doesn't exec. As such, it inherits all the memory from the
postmaster.

> But, aren't connections 
> handled by the postmaster? All the SSL thing should happen 
> before the fork I think. Is the Windows model different? Do 
> backends handle SSL negotiation?

On win32 we do fork() + exec(), and the OpenSSL library requires a new
initialization, including reading the key. I should say I'm speaking
from memory of stuff I looked at a long time ago, though - it could
probably do with someone looking through exactly how it is now ;-)

IIRC, the problem is that the openssl structs contain function pointers,
which are not guaranteed to point to the same thing in the child. 

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
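
The fork-without-exec behaviour described in the message above, as an added example that is not part of the original post and not PostgreSQL or OpenSSL code. The struct, the function names and the key string are constructed for illustration; the exec case is only described in a comment, not run.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a library context: key bytes plus a callback,
 * like the function pointers inside OpenSSL structs mentioned above. */
struct tls_ctx {
    char key[32];
    int (*check)(const struct tls_ctx *);
};

static int check_key(const struct tls_ctx *c)
{
    return strcmp(c->key, "constructed-demo-key") == 0;
}

static struct tls_ctx ctx;   /* lives in the parent's ("postmaster") memory */

/* Parent reads the key once; stands in for loading the private key file. */
void load_key_in_parent(void)
{
    strcpy(ctx.key, "constructed-demo-key");
    ctx.check = check_key;
}

/* fork() without exec(): the child gets a copy of the parent's address space,
 * so the key and the function pointer are usable with no re-initialisation.
 * Returns 1 if the child could use the inherited context, 0 if not, -1 on error. */
int forked_child_sees_key(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)                       /* child: no file read, no init */
        _exit(ctx.check && ctx.check(&ctx) ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    load_key_in_parent();
    printf("forked child can use inherited key: %d\n", forked_child_sees_key());
    /* After exec() the process image is replaced: ctx starts out empty again,
     * so a fork+exec backend has to redo the initialisation and key read. */
    return 0;
}
```

Because every forked child holds a copy of the key material, anything that can read a backend's memory can read the key, which is the trade-off the quoted text raises about passing the password to subprocesses.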

