Dear PostgreSQL/Cygwin Folks,
In the file doc/FAQ_MSWIN I found the following comment:
1. Cygwin's AF_UNIX sockets are really implemented as AF_INET sockets
so they are inherently insecure.
I am attempting to get a clearer idea of just how and in what ways the
PostgreSQL server is insecure when running under Cygwin. I have been
unable to find any documentation on Cygwin's implementation of UNIX domain
sockets or on the implications of the implementation for security in
general or for the security of the PostgreSQL server. If you can point me
toward any materials that would help me in understanding these issues I
would appreciate it very much.
In order to be more concrete, I am including some more specific
questions. If you have the time to answer these questions that would be
great, but any resources that you could point me toward would be very much
appreciated.
1. Is the server vulnerable to external attack (for example, from a
LAN) or does the vulnerability concern only users who are logged
onto the local system?
2. What steps can be taken to reduce vulnerabilities and what are
their specific benefits? For example, is it possible to identify
particular ports that Cygwin uses when emulating UNIX domain
sockets, and to restrict access to them? If this is done, what
vulnerabilities would be eliminated and what vulnerabilities would
remain?
Thanks in advance for any help that you can provide.
Sincerely,
David E. Sigeti
---
Dr. David E. Sigeti
Phone: 505-667-9239
E-mail: sigeti@xxxxxxxx
Surface mail: MS-F645, Los Alamos National Laboratory,
Los Alamos, NM 87545 USA
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@xxxxxxxxxxxxxx
|
