| From: | Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Marko Kreen <markokr(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us> |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-27 10:09:06 |
| Message-ID: | 20071227100906.GB20344@batory.org.pl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, 23 Dec 2007, Tom Lane wrote:
> ISTM we have these action items:
> 1. Improve the code so that SSL authentication can be used across a
> Unix-socket connection (we can disable encryption though).
I've just realised that there's a problem with SSL with disabled
encryption on a unix socket / localhost connections for cpu-saving.
Any local user using this attack would be able to eavesdrop
everything comming through a socket.
If an attacker just acts as a tunnel, highjacking a unix-socket and
talking to a server using any other interface (or the other way
around), then he would not be able to modify information flow, but he
would be able to read and save everything going to and from a server.
It is again not obvious as normally local connections are not
susceptible to eavesdropping. And could go unnoticed for a long time
as everything would just work normally.
So I think no cpu-saving by turning off encryption should be done.
And this would all not help for a denial-of-service attack.
Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
Winnie the Pooh
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas 'ads' Scherbaum | 2007-12-27 12:09:26 | Re: Binary data type with other output method |
| Previous Message | Andrew Dunstan | 2007-12-27 01:20:59 | Re: Binary data type with other output method |