Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: "Gurjeet Singh" <singh(dot)gurjeet(at)gmail(dot)com>
To: "Bruce Momjian" <bruce(at)momjian(dot)us>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, "Tomasz Ostrowski" <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 01:15:22
Message-ID: 65937bea0712221715g54bf74a0i4a81221a4593e46a@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Dec 22, 2007 6:25 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:

>
> It is possible for the attacker to use one of the interfaces (tcp or
> unix domain) and wait for the postmaster to start.  The postmaster will
> fail to start on the interface in use but will start on the other
> interface and the attacker could route queries to the active postmaster
> interface.
>
>
I am not very conversant with networking, but I see a possibly simple
solution. Why not refuse to start the postmaster if we are unable to bind
with any of the interfaces (all that are specified in  the conf file).

    This way, if the attacker has control of even one interface (and
optionally the local socket) that the clients are expected to connect to,
the postmaster wouldn't start and the attacker won't have any traffic to
peek into.

Best regards,
-- 
gurjeet[(dot)singh](at)EnterpriseDB(dot)com
singh(dot)gurjeet(at){ gmail | hotmail | indiatimes | yahoo }.com

EnterpriseDB      http://www.enterprisedb.com

17° 29' 34.37"N,   78° 30' 59.76"E - Hyderabad
18° 32' 57.25"N,   73° 56' 25.42"E - Pune
37° 47' 19.72"N, 122° 24' 1.69" W - San Francisco *

http://gurjeet.frihost.net

Mail sent from my BlackLaptop device

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2007-12-23 01:20:53
Subject: Re: Spoofing as the postmaster
Previous:From: Stephen FrostDate: 2007-12-22 20:03:03
Subject: Re: viewing source code

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group