On 11/9/20 9:04 AM, Peter Eisentraut wrote:
On 2020-11-09 07:08, Michael Paquier wrote:
As abstract namespaces don't have permissions, anyone knowing the name
of the path, which should be unique, can have an access to the server.
Do you think that the documentation should warn the user about that?
This feature is about easing the management part of the socket paths
while throwing away the security aspect of it.
We could modify the documentation further. But note that the
traditional way of putting the socket into /tmp has the same properties,
so this shouldn't be a huge shock.
One issue with them is that they interact differently with kernel
namespaces than normal unix sockets do. Abstract sockets are handled by
the network namespaces, and not the file system namespaces. But I am not
sure that this is our job to document.
Andreas
