Skip site navigation (1) Skip section navigation (2)

Re: Unfriendly handling of pg_hba SSL options with SSL off

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off
Date: 2011-04-25 17:23:43
Message-ID: BANLkTinote9fDF4qeAGR7S=z-TWNKgNA4A@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, Apr 25, 2011 at 19:18, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> On Mon, Apr 25, 2011 at 18:59, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>>> It's not clear to me what behavior you are proposing.  Would we
>>> disregard the hostssl line or treat it as an error?
>
>> It would absolutely have to be treat it as an error. another option
>> would be to throw a more specific warning at that place, and keep the
>> rest of the code the same.
>
>> We can't *ignore* hostssl rows in ssl=off mode, that would be an easy
>> way for an admin to set up a system they thought was secure but
>> isn't...
>
> No, I don't see that it's a security hole.  What would happen if the
> line is ignored is you couldn't make connections with it.  I think you
> are positing that it'd be a potential security problem if a connection
> attempt fell through that line and then succeeded with some later line
> that had less-desirable properties --- but if your pg_hba.conf contents
> are like that, you already have issues, because a non-SSL-enabled client
> is going to reach that later line anyway.

Good point.


> Nonetheless, it's extremely confusing to the admin to ignore such a
> line, and that's not a good thing in any security-sensitive context.

Yeah, better make any misconfiguration very clear - let's throw an error.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

Responses

pgsql-hackers by date

Next:From: Robert HaasDate: 2011-04-25 17:35:05
Subject: Re: Foreign table permissions and cloning
Previous:From: Robert HaasDate: 2011-04-25 17:19:52
Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group