Postgres Pro
Downloads
Home   >   mailing lists

Re: postgres uptime - Mailing list pgsql-hackers

From Marc G. Fournier
Subject Re: postgres uptime
Date
Msg-id 20040820011847.M30511@ganymede.hub.org
Whole thread Raw
In response to Re: postgres uptime  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: postgres uptime  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tree view 
On Fri, 20 Aug 2004, Tom Lane wrote:

> "Marc G. Fournier" <scrappy@postgresql.org> writes:
>> On Thu, 19 Aug 2004, Tom Lane wrote:
>>> I'd like to see more than one person requesting this (and with solider
>>> rationales) before it gets added to TODO.  If I wanted to be picky I
>>> would suggest that knowledge of the server start time might be useful
>>> information to an attacker.  It would for instance narrow down the
>>> number of possible starting seeds for the postmaster's random number
>>> generator.
>
>> Wouldn't an attacker have to have access to the server in the first place
>> to get that information?
>
> They'd only need SQL access to run the proposed uptime() function.  The
> question is what they could parlay the information into --- perhaps the
> ability to break into a more-privileged database account, or maybe even
> the ability to break into other services on the same machine.  It's not
> unreasonable to suppose that the postmaster start time tells you the
> most recent boot time of the server, and so you might be able to apply
> the same sort of I-know-the-random-seed attack to other daemons on the
> same machine.
>
> This is certainly all speculative.  But I thought the rationale for
> clients wanting to know the postmaster start time in the first place
> was pretty dang thin.  I am simply pointing out that this is not a
> zero-risk addition, and so we ought to ask just how much more than zero
> benefit it really has.

Good point(s) ... but, what would that give an attacker?  Being able to 
isolate the random seed, that is?  For instance, if you are thinking of 
shared memory allocations, unless we have a hole in the server itself that 
we aren't aware of, the only way that does any good is if the attacker 
does have access to the host machine itself to start with, and then he can 
get that info simply using ps (or the uptime command) ...


Does anyone have any 'benefits' to implementing such a thing that we can 
list?  The cons appear to be easy, what about pros?

Note that I don't put my weight on my comment about 'bragging rights' as a 
pro, since, again, that info is just as easy to get by the admin via ps 
...


----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org           Yahoo!: yscrappy              ICQ: 7615664

pgsql-hackers by date:

Previous
From: Christopher Kings-Lynne
Date:
Subject: Re: tablespace and sequences?
Next
From: Tom Lane
Date:
Subject: Re: tablespace and sequences?