
Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Brendan Jurd <direvus(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 10:30:04
Message-ID: 476E38AC.7070803@hagander.net
Lists: pgsql-hackers
Bruce Momjian wrote:
> Brendan Jurd wrote:
>> On Dec 23, 2007 1:25 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>> I have written documentation for this item:
>>>
>>>         http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
>>>
>>> Comments?
>> I thought the content made sense, but the location didn't.  I wouldn't
>> expect to find instructions on configuring Postgres for secure
>> operation under a section about how to shut the server down.
>>
>> I realise that in order for the exploit to occur, the server must be
>> shut down (or not yet started), but unless a user already knows about
>> the way the exploit works, how will they know to look for info about
>> it here?
>>
>> IMO by putting this guidance under "Shutting Down" you're going to
>> hurt the chances of anyone stumbling across it.  I doubt you'd get
>> many users reading "Shutting Down" at all because in most cases, it's
>> an easy or obvious thing to do (initscripts provided by package and
>> pg_ctl are self-explanatory).
> 
> Agreed. I moved it up to its own section:
> 
> 	http://momjian.us/tmp/pgsql/preventing-server-spoofing.html
> 
> I improved the wording slightly too.
> 

The server doesn't need a root.crt certificate really - but it does need
the *server* certificate (server.key/server.crt). root.crt is only used
to verify *client* certificates, which is a different thing from what
you're outlining here.

Out of curiosity, do any of the other databases out there "solve" this
somehow? Or any non-databases too, really. To me this seems like a
general problem for *any* kind of server process - at least any that
runs with port >1024 on Unix (and any at all on win32, since they don't
check the port number there).

//Magnus
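
The file roles described in the message above, as an added example that is not part of the original post or of PostgreSQL's own code: a small audit that treats server.crt/server.key as the server's identity and root.crt as a separate client-certificate feature. The function name `audit_ssl_files`, the assumption that all three files sit in one directory, and the strict "no group/other access" rule for the key are assumptions of this sketch; the sample files are constructed empty stand-ins.

```python
import os
import stat
import tempfile


def audit_ssl_files(datadir):
    """Report which TLS roles the certificate files in datadir can support."""
    def path(name):
        return os.path.join(datadir, name)

    problems = []
    has_cert = os.path.isfile(path("server.crt"))
    has_key = os.path.isfile(path("server.key"))
    key_private = False
    if not has_cert:
        problems.append("server.crt missing: clients have nothing to verify")
    if not has_key:
        problems.append("server.key missing: server cannot prove its identity")
    else:
        mode = stat.S_IMODE(os.stat(path("server.key")).st_mode)
        # Assumption: strict rule, no group/other permission bits on the key.
        key_private = (mode & 0o077) == 0
        if not key_private:
            problems.append("server.key mode %04o: accessible beyond owner" % mode)
    return {
        # Server identity depends only on the server certificate and its key.
        "server_identity": has_cert and key_private,
        # root.crt is a separate feature: verifying certificates sent by clients.
        "verifies_client_certs": os.path.isfile(path("root.crt")),
        "problems": problems,
    }


def demo():
    """Audit a constructed directory before and after tightening the key mode."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("server.crt", "server.key"):  # constructed empty stand-ins
            open(os.path.join(d, name), "w").close()
        os.chmod(os.path.join(d, "server.key"), 0o644)
        loose = audit_ssl_files(d)
        os.chmod(os.path.join(d, "server.key"), 0o600)
        tight = audit_ssl_files(d)
    return loose, tight


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A directory with no root.crt still reports `server_identity` as true once the key is private, which matches the point that root.crt plays no part in proving the server's identity.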
