| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | sdfasdf asdfasdf <sofiamay(at)mail(dot)ru> |
| Cc: | Pg Bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: Re[2]: [BUGS] BUG #10140: Configured for 127.0.0.1 but binds to all IP |
| Date: | 2014-04-26 19:29:22 |
| Message-ID: | CA+OCxoxyMN8WVZ1VHgSpz5p_QLo=R=3dbeDLRtXARME_wThQqw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Sat, Apr 26, 2014 at 8:50 AM, sdfasdf asdfasdf <sofiamay(at)mail(dot)ru> wrote:
> IT IS A SECURITY (NETWORK) BUG (bind to all ip instead of 127.0.0.1).
>
> 1) I download binare form http://www.enterprisedb.com/products-services-training/pgbindownload
>
> Versions wich i download: 9.3.4 and 9.2.8 (Win x86-32)
>
> 2) In config file i wrote:
>
> listen_addresses = '127.0.0.1'
>
> 3) Then i do init db and run this command:
>
> C:\database\PostgreSQL-9.3.4\bin\pg_ctl.exe start -w -D "C:\Postgre" -s -o "-i"
>
> PostgreSQL start and work fine, but binds to all ips.
>
> My system is WINDOWS 7. Win7 pro x64. NOT LINUX.
>
> In Console:
> **********************************
> psql -U postgres
> show listen_addresses;
>
> output:
> listen_addresses
> ------------------
> *
> (1 User)
> **********************************
>
> But show in config file: C:\Postgre\postgresql.conf
>
> In Console:
> **********************************
> sort<C:\Postgre\postgresql.conf
> lalala....
> listen_addresses = '127.0.0.1' # what IP address(es) to listen on;
> lalala....
> **********************************
>
> then
>
> In Console:
> **********************************
> netstat -a
>
> TCP 0.0.0.0:5432 UserPC:0 LISTENING
> TCP [::]:5432 UserPC:0 LISTENING
> **********************************
>
> I test this bug with 9.3 and 9.2 (Win x86-32) versions of PostgreSQL. Another version not tested (i have not time).
> You can check it yourself.
I checked it myself, on Windows 7 x86_64, with 9.3 (64 bit) using
127.0.0.1 and 9.2 (32 bit) using localhost. In both cases:
- Show listen_addresses returns the expected value.
- If I try to connect using my non-loopback addresses, the connections fail.
- Netstat shows that the servers are only listening on 127.0.0.1
(ports 5433 and 5436 in this case):
C:\Users\dpage\Documents>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8192 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8193 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8194 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49185 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49241 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49242 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49252 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49253 0.0.0.0:0 LISTENING
TCP 0.0.0.0:51234 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5433 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5436 0.0.0.0:0 LISTENING
...
...
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2014-04-26 19:32:59 | Re: Re[2]: [BUGS] BUG #10140: Configured for 127.0.0.1 but binds to all IP |
| Previous Message | Evgen Bodunov | 2014-04-26 08:45:11 | Re: BUG #10141: Server fails to send query result. |