Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-27 19:44:31
Message-ID: 4774009F.3040806@hagander.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Tomasz Ostrowski wrote:
> On Sun, 23 Dec 2007, Tom Lane wrote:
>> 3. Massive confusion and breakage as various people transition to the
>> new standard at different times.
> 
> As with any major version.

No, it would introduce a client/server incompatibility. Generally, older
clients (libpq) will still work fine with newer servers, or the other
way around. Lots of attention is paid to maintaining that.


>> 4. Potential to create, rather than remove, spoofing opportunities
>> anyplace there is confusion about which port the postmaster is really
>> listening on.
> 
> I agree. But because it would just not work it'll be easy to notice
> and correct. And when corrected it would be no more confusion.

It would be a perfect spot to put in the MITM attack that this whole
thread has been about...


>> Fundamentally these are man-in-the-middle attacks, and the only real
>> solution is mutual authentication.
> 
> The problem is not many people expect man-in-the-middle attack on
> secure lan, localhost or local socket connection, so they'll not try
> to prevent it.

There is no such thing as a secure LAN, unless you control every host
and what every user can do on it. (Definition of LAN can be a bit
different though. Say you implement proper IPsec isolation on it - in
that case, only the machines on the inside of the ipsec "cloud" need to
be trusted)

Same thing really does go for the host - it's not a secure host if you
can't control what the users are doing on it. So you can't treat it as
such if that's the case.

//Magnus

In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2007-12-27 20:29:30
Subject: Archiver behavior at shutdown
Previous:From: Magnus HaganderDate: 2007-12-27 19:40:49
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group