| From: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
|---|---|
| To: | Gasper Zejn <zejn(at)owca(dot)info> |
| Cc: | Claudio Freire <klaussfreire(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: disable SSL compression? |
| Date: | 2018-03-10 13:43:13 |
| Message-ID: | CAMsr+YF1OC4LV_UTEfB3Sb1Rt2gm_PvxbShhHW++yHXfq+Tq=w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 9 March 2018 at 14:17, Gasper Zejn <zejn(at)owca(dot)info> wrote:
> On 09. 03. 2018 06:24, Craig Ringer wrote:
>
> I'm totally unconvinced by the threat posed by exploiting a client by
> tricking it into requesting protocol compression - or any other protocol
> change the client lib doesn't understand - with a connection option in
> PGOPTIONS or the "options" connstring entry. The attacker must be able to
> specify either environment variables (in which case I present "LD_PRELOAD")
> or the connstr. If they can set a connstr they can direct the client to
> talk to a different host that tries to exploit the connecting client in
> whatever manner they wish by sending any custom crafted messages they like.
>
> If the attacker has access to client process or environment, he's already
> won and this is not where the compression vulnerability lies.
>
>
I'm aware. That's a reference to Tom's often-stated objection to using a
GUC as a client flag to enable new server-to-client protocol messages, not
anything re SSL.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christos Maris | 2018-03-10 13:46:52 | Google Summer of Code: Potential Applicant |
| Previous Message | Mark Dilger | 2018-03-10 13:08:34 | Re: [HACKERS] PATCH: multivariate histograms and MCV lists |