Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 19:20:31
Message-ID: 12260.1198956031@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Mark Mielke <mark(at)mark(dot)mielke(dot)cc> writes:
> What has come out for me is that this isn't UNIX socket specific at all
> (although there may be UNIX socket specific options available). The
> standard PostgreSQL port is above 1024, and anybody could
> bind()/listen()/accept() on it, assuming it is not running.

Right. The real bottom line is that a socket in /tmp is exactly as
secure as a localhost TCP port. There is no value in debating moving
the default socket location unless you are prepared to also relocate
the default port to below 1024 (and even that helps only on Unix-y
platforms).

I remain of the opinion that what we should do about this is support
SSL usage over sockets and document the issues.

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Greg Smith 2007-12-29 19:40:29 Re: Spoofing as the postmaster
Previous Message Tom Lane 2007-12-29 19:16:19 Re: Spoofing as the postmaster