Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Brendan Jurd <direvus(at)gmail(dot)com>
Cc: Gurjeet Singh <singh(dot)gurjeet(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 02:10:38
Message-ID: 200712230210.lBN2Acf01343@momjian.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Brendan Jurd wrote:
> On Dec 23, 2007 12:20 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > Gurjeet Singh wrote:
> > > On Dec 22, 2007 6:25 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > >     This way, if the attacker has control of even one interface (and
> > > optionally the local socket) that the clients are expected to connect to,
> > > the postmaster wouldn't start and the attacker won't have any traffic to
> > > peek into.
> >
> > Yes, that would fix the problem I mentioned but at that point the
> > attacker already has passwords so they can just connect themselves.
> > Having the server fail if it can't get one interface makes the server
> > less reliable.
> 
> It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
> a good one in any case?
> 
> If the postmaster can't bind on one of the specified interfaces, then
> at the least, haven't you got got a serious configuration error the
> sysadmin would want to know about?  Having postmaster fail seems like
> a sensible response.
> 
> "I can't start with the configuration you've given me, so I won't
> start at all" is fairly normal behaviour for a server process, no?

Yes, we have talked about this in the past and there were concerns that
that the server might have some network problem that would prevent
binding on all interfaces, particularly IPv6.

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2007-12-23 02:25:03
Subject: Re: Spoofing as the postmaster
Previous:From: Brendan JurdDate: 2007-12-23 02:07:05
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group