Re: MySQL worm attacks Windows servers

From: Chris Travers <chris(at)travelamericas(dot)com>
To: Josh Berkus <josh(at)agliodbs(dot)com>,PostgreSQL advocacy <pgsql-advocacy(at)postgresql(dot)org>,pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: MySQL worm attacks Windows servers
Date: 2005-01-29 08:34:07
Message-ID: 41FB4A7F.1000208@travelamericas.com
Lists: pgsql-advocacy, pgsql-general, pgsql-www

Cross-posting to general due to more general nature of response

Josh Berkus wrote:

>Chris,
>
>>http://www.theregister.co.uk/2005/01/28/mysql_worm/
>
>Yep. And each time someone asks you "But why can't I install PostgreSQL as 
>Administrator" you can point them to that worm ....

Now, if PostgreSQL is installed with TRUST authentication for remote 
ports, can't one try to create an untrusted language and function that 
will cause the system to scan for other such servers and connect, 
thereby spreading a worm?  Of course most of the PostgreSQL instances I 
have seen are behind firewalls, but I don't think we are that invulnerable.

Maybe we should set the default authentication to only use TRUST on 
local sockets only.  At least as of 7.4, the default was to trust 
network ports.

Best Wishes,
Chris Travers
Metatron Technology Consulting
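
As an added example (not part of the original message and not PostgreSQL's own code), a small Python check for the condition raised above: `trust` accepted on a TCP/IP rule in pg_hba.conf from anything other than loopback. The sample file is constructed, and the parser assumes unquoted fields.

```python
import ipaddress

NETWORK_TYPES = {"host", "hostssl", "hostnossl"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _loopback_only(address):
    # Hostnames and keywords such as "all" do not parse; treat them as reachable.
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False

def find_network_trust(hba_text):
    """Return (line_number, address) for each non-loopback network rule using trust."""
    findings = []
    for number, line in enumerate(hba_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] not in NETWORK_TYPES or len(fields) < 5:
            continue
        # host  database  user  address[/len]  [netmask]  method  [options]
        address, rest = fields[3], fields[4:]
        if "/" not in address and len(rest) > 1 and _is_ip(rest[0]):
            address, rest = f"{address}/{rest[0]}", rest[1:]
        if rest[0] == "trust" and not _loopback_only(address):
            findings.append((number, address))
    return findings

# Constructed sample, not taken from any PostgreSQL release.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all       all                                   trust
host    all       all   127.0.0.1  255.255.255.255      trust
host    all       all   ::1/128                         trust
host    all       all   0.0.0.0/0                       trust
host    all       all   192.168.0.0  255.255.255.0      trust
host    all       all   10.0.0.0/8                      md5
"""

if __name__ == "__main__":
    for number, address in find_network_trust(SAMPLE_HBA):
        print(f"line {number}: trust accepted from {address}")
```

Unix-socket (`local`) and loopback rules are left alone; only rules reachable from other hosts are reported.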
