Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 12:19:59
Message-ID: 476E526F.2020906@hagander.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Peter Eisentraut wrote:
> Magnus Hagander wrote:
>> Out of curiosity, does any of the other databases out there "solve" this
>> somehow? Or any non-databases too, really. To me this seems like a
>> general problem for *any* kind of server processes
> 
> Most kinds of server processes where you'd send sensitive information do 
> support SSL.  Most of these server processes don't run over Unix-domain 
> sockets, though.

Well, the question is not about sensitive information, is it? It's about
 password disclosure due to spoofing. Which would affect *all* services
that accept passwords over any kind of local connections - both unix
sockets and TCP localhost.

I'm just saying that pretty much everybody has to be affected by this.
And you can't claim it's very common to use SSL to secure localhost
connections. Maybe it should be, but I hardly ever see it...

The best way to avoid it is of course not to give untrusted users access
to launch arbitrary processes on your server. Something about that
should perhaps be added to that new docs section?

//Magnus

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2007-12-23 13:03:01
Subject: Re: Spoofing as the postmaster
Previous:From: Peter EisentrautDate: 2007-12-23 11:28:55
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group