
Re: Patch to make postmaster bind to only to localhost.

From: The Hermit Hacker <scrappy(at)hub(dot)org>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "John C(dot) Quillan" <john_quillan(at)datasoft(dot)com>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Patch to make postmaster bind to only to localhost.
Date: 2000-09-12 15:43:54
Message-ID: Pine.BSF.4.21.0009121243270.1305-100000@thelab.hub.org
Lists: pgsql-patches
On Tue, 12 Sep 2000, Bruce Momjian wrote:

> The big question is why we can't just scan pg_hba.conf and bind only
> to those ip's.  That way, we don't have to have a new flag.  It will
> all happen by default.

huh?  pg_hba.conf references IPs on remote hosts ... won't you find it
kinda difficult to bind to them? :)


> 
> > 
> > I'm kinda in agreement with John on this, it does add a level of security
> > from DOS attacks ... I would have preferred the patch being something that
> > attaches it to a specific IP though, vs just 127.0.0.1 ... I think that
> > would be slightly more useful ... John, any chance of resubmitting it with
> > that feature added to it?
> > 
> > On Tue, 12 Sep 2000, Bruce Momjian wrote:
> > 
> > > Well, we do reject quite early.  For example, we do not start a backend
> > > to check if the connection should be received, so it seems like we
> > > really are not open to any more DOS attack than telnetd or other
> > > servers.  Is that a fair statement?  I would need to hear someone else
> > > who feels strongly about this before adding additional options to the
> > > postmaster.
> > > 
> > > > Bruce,
> > > > 
> > > > I might agree except for the following.  By the time the pg_hba.conf
> > > > file is checked the connection is already accepted, then rejected
> > > > by the rule.  An outsider could easily overload the postmaster by
> > > > making repeated connections.
> > > > 
> > > > Also with a port scan an outside cracker can get a small piece of
> > > > information about what is running on your system.  The less information
> > > > a cracker has the better.
> > > > 
> > > > With this patch both of these situations would not be possible.
> > > > 
> > > > Would you be more open to a more general, but more complex, patch that
> > > > would allow you to select the IPs that you bind to.  This would allow
> > > > one to configure a system where the localhost, and an internal interface
> > > > are bound, but the external interface to the internet is not.
> > > > 
> > > > Thanks,
> > > > 
> > > > John C. Quillan
> > > > > 
> > > > > I am inclined to skip this patch.  We already have too many postmaster
> > > > > options, and I don't think adding something that already is done in
> > > > > pg_hba.conf is a big help.  Sorry.
> > > > > 
> > > > > > All,
> > > > > >
> > > > > > The company I work for, DataSoft, is doing a web based project
> > > > > > that uses Java and the JDBC driver for postgres.  Apparently the
> > > > > > developers have told me that the JDBC requires the -i option on
> > > > > > postmaster. The only problem is this leaves a visibility to the
> > > > > > outside world that we are using postmaster, or some other service.
> > > > > > Now we do have the pg_hba.conf configured to allow connections
> > > > > > from only that box itself, but you can never be too paranoid.
> > > > > >
> > > > > > The patch that is attached adds a "-L" option to postmaster, which
> > > > > > tells postmaster to bind only to 127.0.0.1 or localhost.  Now this
> > > > > > port is not exposed to the outside world, i.e. port scanners can't
> > > > > > detect it, and we can run our Java code with a little more comfort.
> > > > > >
> > > > > > The patch is against the postgresql-7.0.2 source tree.
> > > > > >
> > > > > > The patch was minimally tested under Linux kernel 2.2.5 using
> > > > > > a RedHat 6.0 distribution.
> > > > > >
> > > > > > The files affected are
> > > > > >   postgresql-7.0.2/src/backend/libpq/pqcomm.c
> > > > > >   postgresql-7.0.2/src/include/libpq/libpq.h
> > > > > >   postgresql-7.0.2/src/backend/postmaster/postmaster.c
> > > > > >
> > > > > > The patch just adds the -L option with a bool flag variable
> > > > > > BindLocalOnly to postmaster.c
> > > > > >
> > > > > > Also the StreamServerPort function was modified to take an extra
> > > > > > bool argument which then if true causes the socket to be bound
> > > > > > to INADDR_LOOPBACK instead of INADDR_ANY.
> > > > > >
> > > > > > The patch is just a tar.gz file that extracts over the postgresql-7.0.2
> > > > > > source tree.
> > > > > >
> > > > > > If there are any issues please let me know.
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > John C. Quillan
> > > > > > john_quillan(at)datasoft(dot)com
> > > > > 
> > > > > [ application/x-gzip is not supported, skipping... ]
> > > > > 
> > > > > --
> > > > >   Bruce Momjian                        |  http://candle.pha.pa.us
> > > > >   pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
> > > > >   +  If your life is a hard drive,     |  830 Blythe Avenue
> > > > >   +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
> > > > 
> > > 
> > 
> 

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy(at)hub(dot)org           secondary: scrappy(at){freebsd|postgresql}.org 
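
The mechanics being argued over, as an added example in C (this is not John's patch, which the archive dropped as an unsupported attachment, and not PostgreSQL's own code): stream_server_port() is a cut-down StreamServerPort that binds to INADDR_LOOPBACK or INADDR_ANY on a flag, bound_address() shows which one took effect, probe_loopback() plays the port scanner, and accept_and_check() stands in for the pg_hba.conf check with a single hypothetical allowed address (10.0.0.1 is made up for the demo) rather than a real rule set. run_demo() walks the scenario and returns 0 when every step behaves as described. It shows John's point directly: with the default INADDR_ANY listener, the probe's TCP handshake completes from the listen backlog before accept() runs, so the port reads as open to a scanner and the hba-style rejection only arrives afterwards; with the -L style listener the socket is simply not on 0.0.0.0. What it cannot show on a single host is a remote scanner failing to reach a loopback-bound port at all, since every probe here comes from 127.0.0.1.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

static struct sockaddr_in make_addr(in_addr_t addr, unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(addr);
    return sa;
}

/* TCP listener on `port` (0 lets the kernel pick). local_only selects
 * INADDR_LOOPBACK instead of INADDR_ANY, the whole effect of the proposed -L. */
int stream_server_port(unsigned short port, bool local_only)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa = make_addr(local_only ? INADDR_LOOPBACK : INADDR_ANY, port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd); return -1;
    }
    return fd;
}

/* Dotted address and port the listener actually sits on; 0 on success. */
int bound_address(int fd, char *buf, size_t buflen, unsigned short *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    if (!inet_ntop(AF_INET, &sa.sin_addr, buf, buflen)) return -1;
    *port = ntohs(sa.sin_port);
    return 0;
}

/* What a scanner does: TCP handshake to 127.0.0.1:port; returns the connected fd
 * or -1 if refused. The kernel completes it from the backlog before accept(). */
int probe_loopback(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa = make_addr(INADDR_LOOPBACK, port);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd); return -1;
    }
    return fd;
}

/* Stand-in for the pg_hba.conf check (assumption: one allowed address, not a real
 * rule set): accept, compare peer address, close; 1 allowed, 0 rejected, -1 error. */
int accept_and_check(int listen_fd, const char *allowed)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    char peer_str[INET_ADDRSTRLEN];
    int cfd = accept(listen_fd, (struct sockaddr *)&peer, &len);
    if (cfd < 0) return -1;
    inet_ntop(AF_INET, &peer.sin_addr, peer_str, sizeof peer_str);
    int ok = strcmp(peer_str, allowed) == 0;
    close(cfd); /* the postmaster would send an error and close here */
    return ok;
}

/* Returns 0 if every step behaves as described, else the failing step number. */
int run_demo(void)
{
    char addr[INET_ADDRSTRLEN]; unsigned short port = 0;
    int lfd = stream_server_port(0, true);                     /* -L style */
    if (lfd < 0 || bound_address(lfd, addr, sizeof addr, &port) < 0) return 1;
    if (strcmp(addr, "127.0.0.1") != 0) return 2;
    close(lfd);
    lfd = stream_server_port(0, false);                        /* plain -i */
    if (lfd < 0 || bound_address(lfd, addr, sizeof addr, &port) < 0) return 3;
    if (strcmp(addr, "0.0.0.0") != 0) return 4;
    /* Rule allows only 10.0.0.1: the probe still handshakes, then is rejected. */
    int cfd = probe_loopback(port);
    if (cfd < 0) return 5;
    int verdict = accept_and_check(lfd, "10.0.0.1");
    close(cfd);
    if (verdict != 0) return 6;
    cfd = probe_loopback(port);                                /* now allowed */
    if (cfd < 0) return 7;
    verdict = accept_and_check(lfd, "127.0.0.1");
    close(cfd);
    close(lfd);
    return verdict == 1 ? 0 : 8;
}

int main(void)
{
    printf("demo result: %d (0 = every step as expected)\n", run_demo());
    return 0;
}
```

Build with cc and run; port 0 asks the kernel for a free ephemeral port, so the demo never collides with a postmaster already listening on 5432. The accept-then-reject sequence is also why Bruce's counter-suggestion of deriving bind addresses from pg_hba.conf does not help: pg_hba.conf lists the client addresses allowed in, which are not addresses the server holds and can bind to.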



Copyright © 1996-2014 The PostgreSQL Global Development Group