Re: Spoofing as the postmaster

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-27 18:17:28
Message-ID: 20071227181728.GI12137@crankycanuck.ca
Lists: pgsql-hackers

On Mon, Dec 24, 2007 at 12:04:16AM +0100, Tomasz Ostrowski wrote:
> 
> Not at all, as it won't run as root, it'll just start as root and
> then give up all root privileges. The only thing it would have after
> being root is just an open socket.

If you think that is complete protection against privilege escalation, I
encourage you to read some more bugtraq archives.

The answer to MITM attacks is not superuser-reserved ports anyway.  The
privileged port idea was a bad one in retrospect.  The answer is strong
authentication. 

A

