Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-22 16:15:20
Message-ID: 476D3818.1080404@hagander.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Andrew Dunstan wrote:
> 
> 
> Peter Eisentraut wrote:
>> Bruce Momjian wrote:
>>  
>>> The fundamental problem is that because we don't require root, any
>>> user's
>>> postmaster or pretend postmaster is as legitimate as anyone else's.  SSL
>>> certificates add legitimacy checks for TCP, but not for unix domain
>>> sockets.
>>>     
>>
>> Wouldn't SSL work over Unix-domain sockets as well?  The API only
>> deals with file descriptors.
>>
>>   
> 
> But we don't check the SSL cert's credentials in the client, AFAIK. That
> means that postmaster spoofer could just as easily spoof SSL.
> Communications between the client and the endpoint will be protected,
> but there is no protection from a man in the middle attack, which is
> what this is.

We do if you put the CA cert on the client.

//Magnus


In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2007-12-22 18:04:47
Subject: Re: Spoofing as the postmaster
Previous:From: Peter EisentrautDate: 2007-12-22 16:13:05
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group