Re: Patch to make postmaster bind to only to localhost. - Mailing list pgsql-patches
| Field | Value |
|---|---|
| From | Bruce Momjian |
| Subject | Re: Patch to make postmaster bind to only to localhost. |
| Date | |
| Msg-id | 200009121539.LAA22524@candle.pha.pa.us |
| In response to | Re: Patch to make postmaster bind to only to localhost. (The Hermit Hacker <scrappy@hub.org>) |
| Responses | Re: Patch to make postmaster bind to only to localhost. |
| List | pgsql-patches |
The big question is why we can't just scan pg_hba.conf and bind only to those IPs. That way, we don't have to have a new flag. It will all happen by default.

> I'm kinda in agreement with John on this, it does add a level of security
> from DOS attacks ... I would have prefer'd the patch being something that
> attaches it to a specific IP though, vs just 127.0.0.1 ... I think that
> would be slightly more useful ... John, any chance of resubmitting it with
> that feature added to it?
>
> On Tue, 12 Sep 2000, Bruce Momjian wrote:
>
> > Well, we do reject quite early. For example, we do not start a backend
> > to check if the connection should be received, so it seems like we
> > really are not open to any more DOS attack than telnetd or other
> > servers. Is that a fair statement? I would need to hear someone else
> > who feels strongly about this before adding additional options to the
> > postmaster.
> >
> > > Bruce,
> > >
> > > I might agree except for the following. By the time the pg_hba.conf
> > > file is checked the connection is already accepted, then rejected
> > > by the rule. An outsider could easily overload the postmaster by
> > > making repeated connections.
> > >
> > > Also with a port scan an outside cracker can get a small piece of
> > > information about what is running on your system. The less information
> > > a cracker has the better.
> > >
> > > With this patch both of these situations would not be possible.
> > >
> > > Would you be more open to a more general, but more complex, patch that
> > > would allow you to select the IPs that you bind to? This would allow
> > > one to configure a system where the localhost and an internal interface
> > > are bound, but the external interface to the internet is not.
> > >
> > > Thanks,
> > >
> > > John C. Quillan
> > >
> > > > I am inclined to skip this patch. We already have too many postmaster
> > > > options, and I don't think adding something that already is done in
> > > > pg_hba.conf is a big help. Sorry.
> > > >
> > > > > All,
> > > > >
> > > > > The company I work for, DataSoft, is doing a web based project
> > > > > that uses Java and the JDBC driver for postgres. Apparently the
> > > > > developers have told me that the JDBC requires the -i option on
> > > > > postmaster. The only problem is this leaves a visibility to the
> > > > > outside world that we are using postmaster, or some other service.
> > > > > Now we do have the pg_hba.conf configured to allow connections
> > > > > from only that box itself, but you can never be too paranoid.
> > > > >
> > > > > The patch that is attached adds a "-L" option to postmaster, which
> > > > > tells postmaster to bind only to 127.0.0.1 or localhost. Now this
> > > > > port is not exposed to the outside world, i.e. port scanners can't
> > > > > detect it, and we can run our Java code with a little more comfort.
> > > > >
> > > > > The patch is against the postgresql-7.0.2 source tree.
> > > > >
> > > > > The patch was minimally tested under Linux kernel 2.2.5 using
> > > > > a RedHat 6.0 distribution.
> > > > >
> > > > > The files affected are
> > > > > postgresql-7.0.2/src/backend/libpq/pqcomm.c
> > > > > postgresql-7.0.2/src/include/libpq/libpq.h
> > > > > postgresql-7.0.2/src/backend/postmaster/postmaster.c
> > > > >
> > > > > The patch just adds the -L option with a bool flag variable
> > > > > BindLocalOnly to postmaster.c
> > > > >
> > > > > Also the StreamServerPort function was modified to take an extra
> > > > > bool argument which then if true causes the socket to be bound
> > > > > to INADDR_LOOPBACK instead of INADDR_ANY.
> > > > >
> > > > > The patch is just a tar.gz file that extracts over the postgresql-7.0.2
> > > > > source tree.
> > > > >
> > > > > If there are any issues please let me know.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > John C. Quillan
> > > > > john_quillan@datasoft.com
> > > >
> > > > [ application/x-gzip is not supported, skipping... ]
> > > >
> > > > --
> > > > Bruce Momjian | http://candle.pha.pa.us
> > > > pgman@candle.pha.pa.us | (610) 853-3000
> > > > + If your life is a hard drive, | 830 Blythe Avenue
> > > > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
>
> Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> Systems Administrator @ hub.org
> primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
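The bind-address change the thread argues about, as an added example that is not John's patch or PostgreSQL code: a StreamServerPort-style helper that takes an optional bind address, so it covers John's loopback-only case (`"127.0.0.1"`), Marc's specific-interface case, and the original bind-everywhere behaviour (`NULL` for INADDR_ANY). The function names and the `bound_address` helper are assumptions made for this example.

```c
/* Added example (not the thread's patch): open a listening TCP socket bound
 * to one address instead of INADDR_ANY, so a port scan from another host
 * never sees the port and the postmaster never accept()s a remote connection
 * that pg_hba.conf would only reject later. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* bind_addr: NULL binds every interface (INADDR_ANY); "127.0.0.1" binds
 * loopback only; any other dotted-quad binds just that interface.
 * port 0 lets the kernel pick. Returns the listening fd, or -1 on error. */
int stream_server_port(const char *bind_addr, unsigned short port)
{
    struct sockaddr_in addr;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (bind_addr == NULL)
        addr.sin_addr.s_addr = htonl(INADDR_ANY);
    else if (inet_pton(AF_INET, bind_addr, &addr.sin_addr) != 1) {
        close(fd);          /* reject malformed addresses instead of */
        return -1;          /* silently falling back to INADDR_ANY   */
    }
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Address the kernel actually bound, host byte order: 0x7f000001 for
 * loopback, 0 for INADDR_ANY, 0xffffffff if fd is invalid. */
unsigned int bound_address(int fd)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    if (fd < 0 || getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
        return 0xffffffffu;
    return ntohl(addr.sin_addr.s_addr);
}
```

Checking the result with `netstat -an` (or `ss -ltn`) shows `127.0.0.1:port` rather than `0.0.0.0:port`, which is the observable difference the -L option was written to produce.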