Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 19:40:56
Message-ID: 476EB9C8.8020801@hagander.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Peter Eisentraut wrote:
>>> These services either use a protected port or a protected directory, or they
>>> support SSL or something similar (SSH), or they are deprecated, as many
>>> traditional Unix services are. If you find a service that is not covered by
>>> this, then yes, you have a problem.
>
>> It's certainly the default on my SQL Servers. And Sybase. AFAIK it's the
>> default on MySQL,
>
> Nyet. I find this in configure.in in mysql 5.0.45 (reasonably current):
>
> # The port should be constant for a LONG time
> MYSQL_TCP_PORT_DEFAULT=3306
> MYSQL_UNIX_ADDR_DEFAULT="/tmp/mysql.sock"
>
> I see that Red Hat's RPM specfile overrides that:
> --with-unix-socket-path=/var/lib/mysql/mysql.sock
> which was a decision that was taken long before I had anything to do
> with it. Note that neither the out-of-the-box default nor the
> RH-modified convention appear to support multiple servers on the same
> box with any degree of convenience; the server doesn't adjust the path
> name depending on port number.

I was referring to the listening on TCP connections over localhost
without SSL. Port 3306 isn't protected AFAIK, and there's nothing in
those lines that says it's SSL only. But then again, neither is the
/tmp/mysql.sock file. Am I missing something here, or did you just post
a piece of configure that *agreed* with what I said? ;-)

//Magnus

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2007-12-23 19:52:28 Re: Spoofing as the postmaster
Previous Message Tom Lane 2007-12-23 19:37:26 Re: Spoofing as the postmaster