Discussion: Security for the PostgreSQL server running under Cygwin



David E Sigeti
Dear PostgreSQL/Cygwin Folks,

In the file doc/FAQ_MSWIN I found the following comment:

1.  Cygwin's AF_UNIX sockets are really implemented as AF_INET sockets
     so they are inherently insecure.

I am attempting to get a clearer idea of just how and in what ways the
PostgreSQL server is insecure when running under Cygwin.  I have been
unable to find any documentation on Cygwin's implementation of UNIX domain
sockets or on the implications of the implementation for security in
general or for the security of the PostgreSQL server.  If you can point me
toward any materials that would help me in understanding these issues I
would appreciate it very much.

In order to be more concrete, I am including some more specific
questions.  If you have the time to answer these questions that would be
great, but any resources that you could point me toward would be very much

1. Is the server vulnerable to external attack (for example, from a
    LAN) or does the vulnerability concern only users who are logged
    onto the local system?

2. What steps can be taken to reduce vulnerabilities and what are
    their specific benefits?  For example, is it possible to identify
    particular ports that Cygwin uses when emulating UNIX domain
    sockets, and to restrict access to them?  If this is done, what
    vulnerabilities would be eliminated and what vulnerabilities would

Thanks in advance for any help that you can provide.

David E. Sigeti

Dr. David E. Sigeti
Phone:  505-667-9239
E-mail: sigeti@lanl.gov
Surface mail: MS-F645, Los Alamos National Laboratory,
               Los Alamos, NM  87545   USA