Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 13:35:01
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Magnus Hagander wrote:
> > Most kinds of server processes where you'd send sensitive information do
> > support SSL.  Most of these server processes don't run over Unix-domain
> > sockets, though.
> Well, the question is not about sensitive information, is it? It's about
>  password disclosure due to spoofing.

I included passwords as sensitive information.

> Which would affect *all* services 
> that accept passwords over any kind of local connections - both unix
> sockets and TCP localhost.

These services either use a protected port or a protected directory, or they 
support SSL or something similar (SSH), or they are deprecated, as many 
traditional Unix services are.  If you find a service that is not covered by 
this, then yes, you have a problem.

> The best way to avoid it is of course not to give untrusted users access
> to launch arbitrary processes on your server. Something about that
> should perhaps be added to that new docs section?

That is pretty impractical.  PostgreSQL is designed to run on multiuser 
operating systems, so it should do it correctly.  Such suggestions do not 
raise confidence.

Peter Eisentraut

In response to


pgsql-hackers by date

Next:From: Martijn van OosterhoutDate: 2007-12-23 13:55:37
Subject: Re: Spoofing as the postmaster
Previous:From: Bruce MomjianDate: 2007-12-23 13:18:44
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group