Min value for port
Is there a reason why we have set the min allowed value for port to 1,
not 1024? Given that you can't actually start postgres with a value of
<1024, shouldn't the entry in pg_settings reference that as well?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On 6/27/13 6:34 AM, Magnus Hagander wrote:
> Is there a reason why we have set the min allowed value for port to 1,
> not 1024? Given that you can't actually start postgres with a value of
> <1024, shouldn't the entry in pg_settings reference that as well?
Are you thinking of the restriction that you need to be root to use
ports <1024? That restriction is not necessarily universal. We can let
the kernel tell us at run time if it doesn't like our port.
On Thu, Jun 27, 2013 at 2:16 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
> On 6/27/13 6:34 AM, Magnus Hagander wrote:
>> Is there a reason why we have set the min allowed value for port to 1,
>> not 1024? Given that you can't actually start postgres with a value of
>> <1024, shouldn't the entry in pg_settings reference that as well?
>
> Are you thinking of the restriction that you need to be root to use
> ports <1024? That restriction is not necessarily universal. We can let
> the kernel tell us at run time if it doesn't like our port.
Yes, that's the restriction I was talking about. It's just a bit
annoying that if you look at pg_settings.min_value it doesn't actually
tell you the truth. But yeah, I believe Windows actually lets you use
a lower port number, so it'd at least have to be #ifdef'ed for that if
we wanted to change it.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
On 27/06/13 15:11, Magnus Hagander wrote:
> On Thu, Jun 27, 2013 at 2:16 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
>> On 6/27/13 6:34 AM, Magnus Hagander wrote:
>>> Is there a reason why we have set the min allowed value for port to 1,
>>> not 1024? Given that you can't actually start postgres with a value of
>>> <1024, shouldn't the entry in pg_settings reference that as well?
>>
>> Are you thinking of the restriction that you need to be root to use
>> ports <1024? That restriction is not necessarily universal. We can let
>> the kernel tell us at run time if it doesn't like our port.
>
> Yes, that's the restriction I was talking about. It's just a bit
> annoying that if you look at pg_settings.min_value it doesn't actually
> tell you the truth. But yeah, I believe Windows actually lets you use
> a lower port number, so it'd at least have to be #ifdef'ed for that if
> we wanted to change it.
There's also authbind and CAP_NET_BIND_SERVICE.
Jan
On 2013-06-27 15:11:26 +0200, Magnus Hagander wrote:
> On Thu, Jun 27, 2013 at 2:16 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
>> On 6/27/13 6:34 AM, Magnus Hagander wrote:
>>> Is there a reason why we have set the min allowed value for port to 1,
>>> not 1024? Given that you can't actually start postgres with a value of
>>> <1024, shouldn't the entry in pg_settings reference that as well?
>>
>> Are you thinking of the restriction that you need to be root to use
>> ports <1024? That restriction is not necessarily universal. We can let
>> the kernel tell us at run time if it doesn't like our port.
>
> Yes, that's the restriction I was talking about. It's just a bit
> annoying that if you look at pg_settings.min_value it doesn't actually
> tell you the truth. But yeah, I believe Windows actually lets you use
> a lower port number, so it'd at least have to be #ifdef'ed for that if
> we wanted to change it.
You can easily change the setting on linux as well. And you can grant
specific binaries the permission to bind to restricted ports without
being root.
I don't think the additional complexity to get a sensible value in there
is warranted.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
On Thu, Jun 27, 2013 at 9:22 AM, Andres Freund <andres@2ndquadrant.com> wrote:
> On 2013-06-27 15:11:26 +0200, Magnus Hagander wrote:
>> On Thu, Jun 27, 2013 at 2:16 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
>>> On 6/27/13 6:34 AM, Magnus Hagander wrote:
>>>> Is there a reason why we have set the min allowed value for port to 1,
>>>> not 1024? Given that you can't actually start postgres with a value of
>>>> <1024, shouldn't the entry in pg_settings reference that as well?
>>>
>>> Are you thinking of the restriction that you need to be root to use
>>> ports <1024? That restriction is not necessarily universal. We can let
>>> the kernel tell us at run time if it doesn't like our port.
>>
>> Yes, that's the restriction I was talking about. It's just a bit
>> annoying that if you look at pg_settings.min_value it doesn't actually
>> tell you the truth. But yeah, I believe Windows actually lets you use
>> a lower port number, so it'd at least have to be #ifdef'ed for that if
>> we wanted to change it.
>
> You can easily change the setting on linux as well. And you can grant
> specific binaries the permission to bind to restricted ports without
> being root.
>
> I don't think the additional complexity to get a sensible value in there
> is warranted.
With that large a set of local policies that can change the "usual
< 1024" policy, yep, I agree that it's not worth trying too hard on this
one.
And supposing something like SE-Linux can grant bindings for a particular
user/binary to access a *specific* port, that represents a model that is
pretty incompatible with the notion of a "minimum value."
On the one hand, the idea of having to add a lot of platform-specific
code (which may further be specific to a framework like SE-Linux)
is not terribly appealing.
Further, if the result is something that doesn't really fit with a
"minimum," is it much worth fighting with the platform localities?
Indeed, I begin to question whether indicating a "minimum" is actually
meaningful.
--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
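
The run-time check suggested in the thread ("let the kernel tell us"), as an added example that is not part of any message above or of PostgreSQL's own code. The function and enum names are hypothetical, and binding to 127.0.0.1 is an assumption made to keep the probe local.

```c
/* Added example: ask the kernel whether a port is bindable instead of
 * relying on a static minimum. All names here are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

typedef enum { PORT_OK, PORT_DENIED, PORT_IN_USE, PORT_INVALID, PORT_ERROR } port_status;

/* Map the errno left by bind() to a policy-neutral verdict. */
port_status classify_bind_errno(int err)
{
    switch (err) {
    case 0:          return PORT_OK;
    case EACCES:     return PORT_DENIED;  /* local policy refused the bind */
    case EADDRINUSE: return PORT_IN_USE;  /* permitted, but already taken */
    default:         return PORT_ERROR;
    }
}

/* Try to bind a TCP socket on 127.0.0.1:port and report what the kernel said. */
port_status probe_port(long port)
{
    struct sockaddr_in addr;
    int fd, err = 0;

    if (port < 1 || port > 65535)         /* only static limit: the 16-bit range */
        return PORT_INVALID;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return PORT_ERROR;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons((unsigned short) port);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0)
        err = errno;
    close(fd);
    return classify_bind_errno(err);
}

int main(void)
{
    static const char *names[] = { "ok", "denied by policy", "in use", "invalid", "error" };
    long ports[] = { 80, 543, 5432, 70000 };  /* constructed sample ports */
    for (size_t i = 0; i < sizeof(ports) / sizeof(ports[0]); i++)
        printf("port %ld: %s\n", ports[i], names[probe_port(ports[i])]);
    return 0;
}
```

The verdict for ports below 1024 depends on who runs the probe and on local policy (root, CAP_NET_BIND_SERVICE, authbind, SE-Linux rules), which is why no fixed number is compiled in.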