Re: enabling tcpip_socket by default - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: enabling tcpip_socket by default
Date
Msg-id 2265.24.211.141.25.1084849332.squirrel@www.dunslane.net
Whole thread Raw
In response to Re: enabling tcpip_socket by default  (Bruno Wolff III <bruno@wolff.to>)
List pgsql-hackers
Bruno Wolff III said:
> On Mon, May 17, 2004 at 18:00:48 -0400,
>  Andrew Dunstan <andrew@dunslane.net> wrote:
>>
>> But what we listen to relates to the destination address of the
>> packets,  not the source address ...
>
> There still is some small risk. If you OS doesn't reject packets
> destined for 127.*.*.* that don't come from the loopback interface, it
> is possible for someone on your local network to at least do a blind
> spoofing attack, possibly they might also be able to get replies back
> as well.


For some value of "small" approaching 0 :-) .

The default configuration will only allow localhost-localhost connections
(via the combination of the default listening_addresses value and the
default pg_hba.conf settings). So to spoof it successfully you would have
to be able to get the host to accept a nonlocal packet addressed to
localhost AND get it to route the reply addressed to localhost to your
nonlocal machine.

If you have such an insecure OS you should
- throw it in the bin and get another with a sane network stack, and
- in the meantime set listening_addresses to "" to turn of TCP altogether.

But then PostgreSQL is likely to be the least of your problems, I suspect.

Bear in mind that behaviour has not changed at all really, only *which*
behaviour is the default.

cheers

andrew







pgsql-hackers by date:

Previous
From: "Joshua D. Drake"
Date:
Subject: Re: Call for 7.5 feature completion
Next
From: "Marc G. Fournier"
Date:
Subject: Re: Call for 7.5 feature completion