Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-22 15:55:06
Message-ID: 476D335A.9070801@dunslane.net (view raw or flat)
Thread:
Lists: pgsql-hackers

Peter Eisentraut wrote:
> Bruce Momjian wrote:
>   
>> The fundamental problem is that because we don't require root, any user's
>> postmaster or pretend postmaster is as legitimate as anyone else's.  SSL
>> certificates add legitimacy checks for TCP, but not for unix domain
>> sockets.
>>     
>
> Wouldn't SSL work over Unix-domain sockets as well?  The API only deals with 
> file descriptors.
>
>   

But we don't check the SSL cert's credentials in the client, AFAIK. That 
means that postmaster spoofer could just as easily spoof SSL. 
Communications between the client and the endpoint will be protected, 
but there is no protection from a man in the middle attack, which is 
what this is.

cheers

andrew

In response to

Responses

pgsql-hackers by date

Next:From: Peter EisentrautDate: 2007-12-22 16:13:05
Subject: Re: Spoofing as the postmaster
Previous:From: Peter EisentrautDate: 2007-12-22 15:44:16
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group