| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | tgl(at)sss(dot)pgh(dot)pa(dot)us (Tom Lane) |
| Cc: | hackers(at)postgreSQL(dot)org |
| Subject: | Re: [HACKERS] Query cancel and OOB data (fwd) |
| Date: | 1998-05-27 04:39:11 |
| Message-ID: | 199805270439.AAA03509@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>
> Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> writes:
> >> However, if they are already snooping, how much harder
> >> is it for them to insert their own query into the tcp stream?
>
> > Can someone answer this for me?
>
> Well, that depends entirely on what your threat model is --- for
> example, someone with read access on /dev/kmem on a relay machine
> might be able to watch packets going by, yet not be able to inject
> more. On the other hand, someone with root privileges on another
> machine on your local LAN could likely do both.
>
> My guess is that most of the plausible cases that allow one also
> allow the other. But it's only a guess.
>
Oh, yes, one more thing. When generating the cancel key, We will have
to call random twice and return part of each so users will not see our
current random values.
When I remove the exec(), people will be able to call random() in the
backend to see the random value. May need to reset the seed on
backend startup.
--
Bruce Momjian | 830 Blythe Avenue
maillist(at)candle(dot)pha(dot)pa(dot)us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Meskes | 1998-05-27 07:34:24 | Re: [HACKERS] Connect string again |
| Previous Message | Bruce Momjian | 1998-05-27 04:25:10 | Re: [HACKERS] Query cancel and OOB data (fwd) |