| From: | Jacob Champion <pchampion(at)vmware(dot)com> |
|---|---|
| To: | "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "peter(dot)eisentraut(at)enterprisedb(dot)com" <peter(dot)eisentraut(at)enterprisedb(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Post-CVE Wishlist |
| Date: | 2021-12-17 01:00:10 |
| Message-ID: | 2d65283ca63d7e8b136c891225334c33a66f91e1.camel@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2021-12-10 at 15:43 +0200, Heikki Linnakangas wrote:
> ProcessStartupPacket() currently reads the first 4 bytes coming from the
> client to decide what kind of a connection it is, and I believe a TLS
> ClientHello message always begins with the same sequence of bytes, so it
> would be easy to check for.
>
> You could use recv(.., MSG_PEEK | MSG_WAITALL) flags to leave the bytes
> in the OS buffer. Not sure how portable that is, though. Alternatively,
> you could stash them e.g. in a global variable and modify
> secure_raw_read() to return those bytes first.
>
> Overall, doesn't seem very hard to me.
After further thought... Seems like sharing a port between implicit and
explicit TLS will still allow a MITM to put bytes on the wire to try to
attack the client-to-server communication, because they can craft the
SSLRequest themselves and then hand it off to the real client.
But they shouldn't be able to attack the server-to-client communication
if the client is using implicit TLS, so it's still an overall
improvement? I wonder if there are any other protocols out there doing this.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2021-12-17 01:26:53 | Re: Apple's ranlib warns about protocol_openssl.c |
| Previous Message | Peter Smith | 2021-12-17 00:49:38 | Re: row filtering for logical replication |