Re: Patch to make postmaster bind to only to localhost.

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: "John C(dot) Quillan" <john_quillan(at)datasoft(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: Patch to make postmaster bind to only to localhost.
Date: 2000-09-12 05:22:02
Message-ID: 200009120522.BAA13853@candle.pha.pa.us
Lists: pgsql-patches

Well, we do reject quite early. For example, we do not start a backend
to check if the connection should be received, so it seems like we
really are not open to any more DOS attack than telnetd or other
servers. Is that a fair statement? I would need to hear someone else
who feels strongly about this before adding additional options to the
postmaster.

> Bruce,
>
> I might agree except for the following. By the time the pg_hba.conf
> file is checked the connection is already accepted, then rejected
> by the rule. An outsider could easily overload the postmaster by
> making repeated connections.
>
> Also with a port scan an outside cracker can get a small piece of
> information about what is running on your system. The less information
> a cracker has the better.
>
> With this patch both of these situations would not be possible.
>
> Would you be more open to a more general, but more complex, patch that
> would allow you to select the IPs that you bind to? This would allow
> one to configure a system where the localhost and an internal interface
> are bound, but the external interface to the internet is not.
>
> Thanks,
>
> John C. Quillan
> >
> > I am inclined to skip this patch. We already have too many postmaster
> > options, and I don't think adding something that already is done in
> > pg_hba.conf is a big help. Sorry.
> >
> > > All,
> > >
> > > The company I work for, DataSoft, is doing a web based project
> > > that uses Java and the JDBC driver for postgres. Apparently the
> > > developers have told me that the JDBC requires the -i option on
> > > postmaster. The only problem is this leaves a visibility to the
> > > outside world that we are using postmaster, or some other service.
> > > Now we do have the pg_hba.conf configured to allow connections
> > > from only that box itself, but you can never be too paranoid.
> > >
> > > The patch that is attached adds a "-L" option to postmaster, which
> > > tells postmaster to bind only to 127.0.0.1 or localhost. Now this
> > > port is not exposed to the outside world, i.e. port scanners can't
> > > detect it, and we can run our Java code with a little more comfort.
> > >
> > > The patch is against the postgresql-7.0.2 source tree.
> > >
> > > The patch was minimally tested under Linux kernel 2.2.5 using
> > > a RedHat 6.0 distribution.
> > >
> > > The files affected are
> > > postgresql-7.0.2/src/backend/libpq/pqcomm.c
> > > postgresql-7.0.2/src/include/libpq/libpq.h
> > > postgresql-7.0.2/src/backend/postmaster/postmaster.c
> > >
> > > The patch just adds the -L option with a bool flag variable
> > > BindLocalOnly to postmaster.c
> > >
> > > Also the StreamServerPort function was modified to take an extra
> > > bool argument which, if true, causes the socket to be bound
> > > to INADDR_LOOPBACK instead of INADDR_ANY.
> > >
> > > The patch is just a tar.gz file that extracts over the postgresql-7.0.2
> > > source tree.
> > >
> > > If there are any issues please let me know.
> > >
> > > Thanks,
> > >
> > > John C. Quillan
> > > john_quillan(at)datasoft(dot)com
> >
> > [ application/x-gzip is not supported, skipping... ]
> >
> > --
> > Bruce Momjian | http://candle.pha.pa.us
> > pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> > + If your life is a hard drive, | 830 Blythe Avenue
> > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
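The mechanism John's patch describes, binding the listening socket to INADDR_LOOPBACK instead of INADDR_ANY, can be shown in a few lines of plain sockets code. The following is an added example written for this page, not the attached patch and not PostgreSQL's StreamServerPort; the function names (choose_bind_addr, make_listen_addr, open_listen_socket, socket_bound_to_loopback) are hypothetical. It makes the security point of the thread concrete: with the loopback address bound, a connection from another host is refused by the kernel's TCP stack before the server process is involved at all, and a scan of the external interface sees no open port, whereas pg_hba.conf can only reject a connection the postmaster has already accepted.

```c
/* Added example (not the patch from the thread): a minimal TCP listener
 * that mirrors the -L idea, binding to INADDR_LOOPBACK when "local only"
 * is requested and to INADDR_ANY otherwise. All names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Pick the IPv4 address to bind: loopback only, or every interface. */
uint32_t choose_bind_addr(bool local_only)
{
    return htonl(local_only ? INADDR_LOOPBACK : INADDR_ANY);
}

/* Fill in the sockaddr_in the listener will bind to. */
void make_listen_addr(bool local_only, uint16_t port, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    sa->sin_addr.s_addr = choose_bind_addr(local_only);
}

/* True when the address in sa is 127.0.0.1. */
bool addr_is_loopback(const struct sockaddr_in *sa)
{
    return sa->sin_family == AF_INET &&
           ntohl(sa->sin_addr.s_addr) == INADDR_LOOPBACK;
}

/* Create, bind and listen. Returns the listening fd, or -1 on error. */
int open_listen_socket(bool local_only, uint16_t port)
{
    struct sockaddr_in sa;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    make_listen_addr(local_only, port, &sa);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Ask the kernel what was actually bound, as `netstat -an` would report it;
 * a defender can use the same check to confirm a service is not exposed. */
bool socket_bound_to_loopback(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return false;
    return addr_is_loopback(&sa);
}

int main(void)
{
    /* Port 0 lets the kernel pick a free port, so this runs anywhere. */
    int fd = open_listen_socket(true, 0);
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (fd < 0) {
        perror("open_listen_socket");
        return 1;
    }
    getsockname(fd, (struct sockaddr *)&sa, &len);
    printf("listening on %s:%u (loopback only: %s)\n",
           inet_ntoa(sa.sin_addr), ntohs(sa.sin_port),
           socket_bound_to_loopback(fd) ? "yes" : "no");
    close(fd);
    return 0;
}
```

The only line that changes between the two modes is the address passed to bind(), which is also why the thread's later suggestion of a per-interface list is a small generalization: replace choose_bind_addr with a lookup of the configured interface addresses and bind one socket per address.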
