Post · bonfire.cafe

Post

Dang near every jail on my #freebsd server needs either pgsql or mariadb.

I could stop running databases everywhere by building a database jail, eliminating many small points of small failures by implementing a single point of complete failure.

Which is better? All I know is whatever choice wins, I will lose. #sysadmin

Michael Dexter

@dexter@bsd.network replied · 14 hours ago

@mwl I suspect @dch has an opinion or two.

dch :flantifa: :flan_hacker:

@dch@bsd.network replied · 9 hours ago

@dexter @mwl I dare not offer up an opinion, I might end up as a footnote.

Michael W Lucas :flan_on_fire:

@mwl@io.mwl.io replied · 3 hours ago

@dch @dexter

...you think you're not already a footnote?

dch :flantifa: :flan_hacker:

@dch@bsd.network replied · 53 minutes ago

@mwl and there I thought I was consigned to the melted gelato end of history @dexter

Parade du Grotesque 💀

@ParadeGrotesque@mastodon.sdf.org replied · 49 minutes ago

@dch

"Melted gelato end of history", now that's a footnote I'd like to read! 🍨

@mwl @dexter

Tim Chase

@gumnos@mastodon.bsd.cafe replied · 15 hours ago

@mwl In my mind it boils down primarily to how much RAM the server has.

If running multiple instances of mariadb/pgsql would put a strain on RAM then there are definite wins to having a single shared instance of each.

If RAM contention is *not* an issue, then you're weighing the security of independent separated instances vs administrative upgrading/configuration/tuning hassle. And only you know where that line falls.

If you use some sort of declarative configuration-management, then the admin headache might be lessened because you can just specify "ZFS ashift=12 on all those ZFS datasets, upgrade all my pgsql version X to version X+1, and ensure they're configured for $BLOCKSIZE pages" and let it babysit all the cattle rather than hand feeding all the pets. Or you can propagate your security foibles at scale. Whatevs…

Recovered Expert

@RecoveredExpert@mastodon.social replied · 10 hours ago

@gumnos „weighting security“ of independent db instances: what do you base this on?
How are multiple instances of psql in their separate jails more secure than a single psql jail and setup properly according to long established BCP, using separate „databases“ (in psql parlance), proper roles, privileges and so on?

Aside security I can see *some* reason to do that in special cases, for example like training setups, documentation and or writing books about to mention @mwl ‘s specialty.

David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange replied · 8 hours ago

@RecoveredExpert @gumnos @mwl

To compromise another database in a shared Postgres instance, you need to find a Postgres bug or misconfiguration, or you need a jail escape that lets you directly poke at the other jail.

To compromise another database in another jail, you need to find a jail escape.

Basically, any vulnerability that lets you attack an isolated Postgres instance in another jail will also let you compromise a shared Postgres instance in another jail, but the converse is not true.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-beta.35 no JS en

Automatic federation enabled