Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 19:40:56
Message-ID: 476EB9C8.8020801@hagander.net
Lists: pgsql-hackers

Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Peter Eisentraut wrote:
>>> These services either use a protected port or a protected directory, or they
>>> support SSL or something similar (SSH), or they are deprecated, as many 
>>> traditional Unix services are.  If you find a service that is not covered by
>>> this, then yes, you have a problem.
> 
>> It's certainly the default on my SQL Servers. And Sybase. AFAIK it's the
>> default on MySQL,
> 
> Nyet.  I find this in configure.in in mysql 5.0.45 (reasonably current):
> 
> # The port should be constant for a LONG time
> MYSQL_TCP_PORT_DEFAULT=3306
> MYSQL_UNIX_ADDR_DEFAULT="/tmp/mysql.sock"
> 
> I see that Red Hat's RPM specfile overrides that:
> 	--with-unix-socket-path=/var/lib/mysql/mysql.sock
> which was a decision that was taken long before I had anything to do
> with it.  Note that neither the out-of-the-box default nor the
> RH-modified convention appear to support multiple servers on the same
> box with any degree of convenience; the server doesn't adjust the path
> name depending on port number.

I was referring to the listening on TCP connections over localhost
without SSL. Port 3306 isn't protected AFAIK, and there's nothing in
those lines that says it's SSL only. But then again, neither is the
/tmp/mysql.sock file. Am I missing something here, or did you just post
a piece of configure that *agreed* with what I said? ;-)

//Magnus
