Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 19:20:31
Lists: pgsql-hackers

Mark Mielke <mark(at)mark(dot)mielke(dot)cc> writes:
> What has come out for me is that this isn't UNIX socket specific at all 
> (although there may be UNIX socket specific options available). The 
> standard PostgreSQL port is above 1024, and anybody could 
> bind()/listen()/accept() on it, assuming it is not running.

Right.  The real bottom line is that a socket in /tmp is exactly as
secure as a localhost TCP port.  There is no value in debating moving
the default socket location unless you are prepared to also relocate
the default port to below 1024 (and even that helps only on Unix-y

I remain of the opinion that what we should do about this is support
SSL usage over sockets and document the issues.

			regards, tom lane
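
An added example, not part of the original message and not PostgreSQL code: one client-side way to detect a listener squatting on a Unix socket path is to ask the kernel which uid owns the other end before sending anything. It is a different check from the SSL-over-sockets approach proposed above. It assumes Linux (`SO_PEERCRED`); the function names and the demo socket path are hypothetical.

```python
import os
import socket
import struct
import tempfile

_UCRED = "iII"  # Linux struct ucred: pid_t pid, uid_t uid, gid_t gid


def peer_uid(sock):
    """Uid of the process that owns the other end of a connected Unix socket."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(_UCRED))
    _pid, uid, _gid = struct.unpack(_UCRED, raw)
    return uid


def connect_verified(path, expected_uid):
    """Connect to `path`; hand back the socket only if the listener's uid matches."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(path)
        actual = peer_uid(sock)
        if actual != expected_uid:
            raise PermissionError(
                f"{path}: listener runs as uid {actual}, expected {expected_uid}")
        return sock
    except BaseException:
        sock.close()
        raise


def demo():
    """Constructed scenario: this process plays the listener on a temp socket."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sock")  # constructed path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(path)
            listener.listen(8)
            # Listener uid equals the expected uid: connection is accepted.
            with connect_verified(path, os.getuid()) as ok:
                accepted = ok.fileno() >= 0
            # Expected uid differs from the listener's: client refuses to proceed.
            try:
                connect_verified(path, os.getuid() + 1).close()
                refused = False
            except PermissionError:
                refused = True
    return accepted, refused


if __name__ == "__main__":
    print(demo())
```

The check covers only Unix-domain sockets; a localhost TCP port carries no peer credentials, so the same test cannot be applied there.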
