Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Cc: Brendan Jurd <direvus(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Gurjeet Singh <singh(dot)gurjeet(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 06:45:14
Message-ID: 3793.1198392314@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Mark Mielke <mark(at)mark(dot)mielke(dot)cc> writes:
> Brendan Jurd wrote:
>> It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
>> a good one in any case?
>> 
> What makes it good? It solves no problems. It prevents the server from 
> coming up when it otherwise might still be able to.

The primary reason things work like that is that there are boatloads of
machines that are marginally misconfigured.  For instance, userland
thinks there is IPv6 support when the kernel thinks not (or vice versa).
If we made the postmaster abort every time it couldn't latch onto every
address that the listen_addresses setting suggested it might be able to
latch onto, what we'd mostly accomplish is to drive away a lot of
potential users.

Given that everyone agrees that this change wouldn't actually fix
anything w.r.t. spoofing, I don't think there's grounds for making it.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Gregory StarkDate: 2007-12-23 07:18:32
Subject: Re: viewing source code
Previous:From: Mark MielkeDate: 2007-12-23 06:29:13
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group