Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Mike Rylander" <mrylander(at)gmail(dot)com>
Cc: "Peter Eisentraut" <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, "Bruce Momjian" <bruce(at)momjian(dot)us>, "Tomasz Ostrowski" <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-22 19:08:36
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
"Mike Rylander" <mrylander(at)gmail(dot)com> writes:
> On Dec 22, 2007 1:04 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Hmm ... we've always thought of SSL as being primarily comm security
>> and thus useless on a Unix socket, but the mutual authentication aspect
>> could come in handy as an answer for this type of threat.  Anyone want
>> to try this and see if it really works or not?
>> Does OpenSSL have a mode where it only does mutual auth and not
>> encryption?

> miker(at)whirly:~$ openssl ciphers -v  'NULL'

Cool.  I took a quick look through the code, and I think that a smoke
test could be made just by diking out these lines in 

                if (IS_AF_UNIX(conn->raddr.addr.ss_family))
                    /* Don't bother requesting SSL over a Unix socket */
                    conn->allow_ssl_try = false;

Actual support would require rather more effort --- for instance,
I doubt that the default behavior should be to try to do SSL over a
socket, so "sslmode" would need some extension, and we'd want to extend
the pg_hba.conf keywords --- but I think this would be enough to allow
verifying whether it will work.

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2007-12-22 19:21:42
Subject: Re: Spoofing as the postmaster
Previous:From: Marko KreenDate: 2007-12-22 19:03:54
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group