Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: "Brendan Jurd" <direvus(at)gmail(dot)com>
To: "Bruce Momjian" <bruce(at)momjian(dot)us>
Cc: "Gurjeet Singh" <singh(dot)gurjeet(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, "Tomasz Ostrowski" <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 02:07:05
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Dec 23, 2007 12:20 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> Gurjeet Singh wrote:
> > On Dec 22, 2007 6:25 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> >     This way, if the attacker has control of even one interface (and
> > optionally the local socket) that the clients are expected to connect to,
> > the postmaster wouldn't start and the attacker won't have any traffic to
> > peek into.
> Yes, that would fix the problem I mentioned but at that point the
> attacker already has passwords so they can just connect themselves.
> Having the server fail if it can't get one interface makes the server
> less reliable.

It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
a good one in any case?

If the postmaster can't bind on one of the specified interfaces, then
at the least, haven't you got got a serious configuration error the
sysadmin would want to know about?  Having postmaster fail seems like
a sensible response.

"I can't start with the configuration you've given me, so I won't
start at all" is fairly normal behaviour for a server process, no?


In response to


pgsql-hackers by date

Next:From: Bruce MomjianDate: 2007-12-23 02:10:38
Subject: Re: Spoofing as the postmaster
Previous:From: Bruce MomjianDate: 2007-12-23 01:20:53
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group