Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Brendan Jurd <direvus(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 13:18:44
Message-ID: 200712231318.lBNDIiG14378@momjian.us
Lists: pgsql-hackers
Magnus Hagander wrote:
> Well, the question is not about sensitive information, is it? It's about
>  password disclosure due to spoofing. Which would affect *all* services
> that accept passwords over any kind of local connections - both unix
> sockets and TCP localhost.
> 
> I'm just saying that pretty much everybody has to be affected by this.
> And you can't claim it's very common to use SSL to secure localhost
> connections. Maybe it should be, but I hardly ever see it...

Yep.  I think the big issue is most people think unix domain sockets and
localhost are secure, but they are not if the server is down, unless SSL
is used or the socket file is in a privileged directory.

> The best way to avoid it is of course not to give untrusted users access
> to launch arbitrary processes on your server. Something about that
> should perhaps be added to that new docs section?

Yep, doing that now.

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
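A check for the "socket file is in a privileged directory" condition discussed above, added here as an example and not part of the thread or of PostgreSQL itself: it inspects the directory that holds the Unix-domain socket and reports whether an untrusted local user could create a file there, which is what lets someone stand up a fake postmaster while the real one is down. The default directory path and the set of trusted uids are assumptions.

```python
import os
import stat

# Default Unix-socket directory used by many Linux packages; an assumption
# here, the authoritative value is unix_socket_directories in postgresql.conf.
DEFAULT_SOCKET_DIR = "/var/run/postgresql"


def socket_dir_findings(owner_uid, mode, trusted_uids=(0,)):
    """Return the reasons an untrusted local user could create a socket file
    in a directory with this owner uid and permission bits.

    An empty list means the directory is "privileged" in the sense used in
    the thread: only trusted accounts can plant a fake socket there while the
    real server is down. The sticky bit (as on /tmp, mode 1777) does not help,
    because it only stops users removing each other's files; it does not stop
    anyone creating a new one.
    """
    findings = []
    if owner_uid not in trusted_uids:
        findings.append(f"directory owned by untrusted uid {owner_uid}")
    if mode & stat.S_IWOTH:
        findings.append("directory is world-writable")
    if mode & stat.S_IWGRP:
        findings.append("directory is group-writable "
                        "(safe only if every group member is trusted)")
    return findings


def check_socket_dir(path=DEFAULT_SOCKET_DIR, trusted_uids=(0,)):
    """Stat the live directory and return its findings (empty list = OK)."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]
    return socket_dir_findings(st.st_uid, stat.S_IMODE(st.st_mode), trusted_uids)


if __name__ == "__main__":
    for line in check_socket_dir() or ["socket directory looks privileged"]:
        print(line)
```

For TCP connections to localhost, the client-side counterpart is libpq's `sslmode=verify-full`, which refuses a server that cannot present a certificate chaining to the expected CA for the expected host name.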
