Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: "Bossart, Nathan" <bossartn(at)amazon(dot)com>
Cc: Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "robertmhaas(at)gmail(dot)com" <robertmhaas(at)gmail(dot)com>, "Schneider, Jeremy" <schnjere(at)amazon(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "lalbin(at)scharp(dot)org" <lalbin(at)scharp(dot)org>
Subject: Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack
Date: 2018-08-29 01:34:41
Message-ID: 20180829013441.GO29157@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-hackers

Hi all,

Here is a summary of what has happened since this thread has been
created. Three problems reported on this thread have been solved and
resulted in different commits for early lock lookups:
- VACUUM FULL, patched on 12~:
https://www.postgresql.org/message-id/20180812222142.GA6097@paquier.xyz
Commit a556549: Improve VACUUM and ANALYZE by avoiding early lock queue
- TRUNCATE, patched on 12~:
https://www.postgresql.org/message-id/20180806165816.GA19883@paquier.xyz
Commit f841ceb: Improve TRUNCATE by avoiding early lock queue
- REINDEX, patched on 11~:
https://www.postgresql.org/message-id/20180805211059.GA2185@paquier.xyz
Commit 661dd23: Restrict access to reindex of shared catalogs for
non-privileged users

Please note that I have been very conservative with the different fixes
as v11 is getting very close to release. The patch for REINDEX is a
behavior change which will not get further down anyway. It would still
be nice to get a second lookup at the code and look if there are other
suspicious calls of relation_open or such which could allow
non-privileged users to pile up locks and cause more DOS problems.

Thanks,
--
Michael

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Kyotaro HORIGUCHI 2018-08-29 02:04:34 Re: Reopen logfile on SIGHUP
Previous Message Masahiko Sawada 2018-08-29 00:39:03 Re: Copy function for logical replication slots

Browse pgsql-bugs by date

  From Date Subject
Next Message Thomas Munro 2018-08-29 01:38:03 Re: BUG #15350: Getting invalid cache ID: 11 Errors
Previous Message Dean Rasheed 2018-08-28 19:05:13 Re: BUG #15307: Low numerical precision of (Co-) Variance