| From: | "Andrew Dunstan" <andrew(at)dunslane(dot)net> |
|---|---|
| To: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: enabling tcpip_socket by default |
| Date: | 2004-05-18 03:02:12 |
| Message-ID: | 2265.24.211.141.25.1084849332.squirrel@www.dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruno Wolff III said:
> On Mon, May 17, 2004 at 18:00:48 -0400,
> Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>>
>> But what we listen to relates to the destination address of the
>> packets, not the source address ...
>
> There still is some small risk. If you OS doesn't reject packets
> destined for 127.*.*.* that don't come from the loopback interface, it
> is possible for someone on your local network to at least do a blind
> spoofing attack, possibly they might also be able to get replies back
> as well.
For some value of "small" approaching 0 :-) .
The default configuration will only allow localhost-localhost connections
(via the combination of the default listening_addresses value and the
default pg_hba.conf settings). So to spoof it successfully you would have
to be able to get the host to accept a nonlocal packet addressed to
localhost AND get it to route the reply addressed to localhost to your
nonlocal machine.
If you have such an insecure OS you should
- throw it in the bin and get another with a sane network stack, and
- in the meantime set listening_addresses to "" to turn of TCP altogether.
But then PostgreSQL is likely to be the least of your problems, I suspect.
Bear in mind that behaviour has not changed at all really, only *which*
behaviour is the default.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2004-05-18 03:12:29 | Re: Call for 7.5 feature completion |
| Previous Message | Joshua D. Drake | 2004-05-18 02:45:06 | Re: Call for 7.5 feature completion |