Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 22:18:43
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Tom Lane wrote:
> Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> writes:
>> So I'm not very fond of this "insecure by default, it's your problem
>> to make it secure" attitude. I'm the one who reported this.
> IIRC, you started out your argument by also saying that we had to move
> the TCP socket to the reserved range, so as to prevent the equivalent
> problem in the TCP case.  (And, given the number of clients such as
> JDBC that can only connect via TCP, it certainly seems there's little
> point in changing the socket case if we don't change the TCP case.)

It should also be noted that not all operating systems even have the
concept of a reserved range of ports.

> Fundamentally these are man-in-the-middle attacks, and the only real
> solution is mutual authentication.  Pretending that some quick-fix
> change eliminates that class of problem is a recipe for building systems
> that are less secure, not more so.

And SSL can certainly do that. But I can agree that our SSL
documentation could be much clearer on how to do things, and what's a
best practice :-)

Instead of just adding a section on "preventing spoofing attacks",
perhaps what we really need is a general chapter on how to secure your
system and what's best practices. Which would also cover things like
don't run everything as superuser etc (which is a much more likely
problem to be seen in deployments)


In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2007-12-23 22:42:02
Subject: Re: Spoofing as the postmaster
Previous:From: Martijn van OosterhoutDate: 2007-12-23 22:18:28
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group