From 836034e0315008e76b96b3078909b82580295bb1 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Thu, 31 Jan 2008 17:22:43 +0000
Subject: [PATCH] Document the idea of creating a symbolic link in /tmp to
 prevent server spoofing when the socket file has been moved.

---
 doc/src/sgml/runtime.sgml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 9fdcb3aa95..f015133fb2 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1397,7 +1397,16 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
    connections is to use a Unix domain socket directory (<xref
    linkend="guc-unix-socket-directory">) that has write permission only
    for a trusted local user.  This prevents a malicious user from creating
-   their own socket file in that directory.  For TCP connections the server
+   their own socket file in that directory.  If you are concerned that
+   some applications might still look in <filename>/tmp</> for the
+   socket file and hence be vulnerable to spoofing, create a symbolic link
+   during operating system startup in <filename>/tmp</> that points to
+   the relocated socket file.  You also might need to modify your
+   <filename>/tmp</> cleanup script to preserve the symbolic link.
+  </para>
+
+  <para>
+   For TCP connections the server
    must accept only <literal>hostssl</> connections (<xref
    linkend="auth-pg-hba-conf">) and have SSL
    <filename>server.key</filename> (key) and
-- 
2.39.5