| From: | The Hermit Hacker <scrappy(at)hub(dot)org> |
|---|---|
| To: | Micha3 Mosiewicz <mimo(at)lodz(dot)pdi(dot)net> |
| Cc: | todd brandys <brandys(at)eng3(dot)hep(dot)uiuc(dot)edu>, hackers(at)postgresql(dot)org |
| Subject: | Re: [HACKERS] Re: New pg_pwd patch and stuff |
| Date: | 1998-01-16 04:11:46 |
| Message-ID: | Pine.NEB.3.96.980116000936.259b-100000@thelab.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 16 Jan 1998, Micha3 Mosiewicz wrote:
> No, no, no! For security reasons, you can't fork (and exec)
> unauthenticated processes. Especially HBA authentication should be done
> to consume as low resources as possbile. Otherwise you open a giant door
> for so infamously called Denial of Service attacks. Afterwards, every
> hacker will know that to bring your system running postgres to it's
> knees he just have to try to connect to 5432 port very frequently. "OK",
> you might say, "I have this firewall". "OK", I say, "so what's that HBA
> for?".
>
> So it's the postmaster's role to deny as much connections as possible.
> Unless we speak of non-execing postgres childs?
Hrmmmm...i don't quite agree with this. postmaster can handle one
connection at a time, and then has to pass it off to the postgres backend
process...DoS attacks are easier now then by forking before HBA. I just have
to continuously open a connection to port 5432...so, while postmaster is
handling that connection, checking HBA, checking a password...no other new
connections can happen. Can't think of a stronger DoS then that...? :)
Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy(at)hub(dot)org secondary: scrappy(at){freebsd|postgresql}.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | D'Arcy J.M. Cain | 1998-01-16 04:21:30 | Re: [HACKERS] CBAC (content based access control), OIDs, auto fields |
| Previous Message | Vadim B. Mikheev | 1998-01-16 03:30:22 | Re: [HACKERS] postgres performance |