| From: | Marko Karppinen <marko(at)karppinen(dot)fi> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: enabling tcpip_socket by default |
| Date: | 2004-05-17 07:29:26 |
| Message-ID: | ECFAE727-A7D3-11D8-9207-000A95C56374@karppinen.fi |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Tatsuo Ishii wrote:
>> Is there any security risk if we enable tcpip_socket by default? We
>> restrict connection from localhost only by default so I think enabling
>> tcpip_socket adds no security risk. Please correct me if I am wrong.
Bruce Momjian wrote:
> Right, and 7.5 will ship with tcp and localhost enabled.
If the default will be to listen on all interfaces, not just 127.0.0.1,
then this IS a security risk. And if that's not the plan, what good does
this change do? Any "real" use of tcp would still require a
configuration
change anyway.
Listening on public network interfaces by default would multiply by
orders of magnitude the number of machines vulnerable to potential
future remote exploits.
I gather that the pre-authentication code paths are pretty well known,
and that the chances of such an attack are slim. Nevertheless I cannot
help but note that it is exactly this default setting that caused
Microsoft SQL Server to lose a big, big chunk of its reputation, and
gain notoriety as a launchpad for Windows worms.
mk
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Philip Yarra | 2004-05-17 07:40:06 | Re: enabling tcpip_socket by default |
| Previous Message | Marko Karppinen | 2004-05-17 07:13:54 | Re: Rough draft for Unicode-aware UPPER()/LOWER()/INITCAP() |