Postgres Pro
Downloads
Home   >   mailing lists

Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords - Mailing list pgsql-hackers

From Paul Tillotson
Subject Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Date
Msg-id 426718A6.8070703@shentel.net
Whole thread Raw
In response to Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
List pgsql-hackers
Tree view 
[snip]

>>The issue pointed out back then was that lots of hosts would have usernames
>>with the same name, namely "postgres". So a distributed attack would be able
>>to use a dictionary attack if it were targeting just the "postgres" user on
>>many hosts.
>>
>>That was deemed not a threat model worth worrying about. It's pretty unlikely
>>someone would have access to the md5sums for many different hosts.
>>    
>>
>
>I'm worried about them having access to the md5sums for my host..
>If they did and I used 'md5' in pg_hba.conf they wouldn't need to brute
>force anything, they'd have all they needed to connect as the postgres
>users on my database.
>
>  
>
Lest anyone think that this is a theoretical attack, PHPBB suffered an 
SQL injection last year that allowed to you to, in essence, learn the 
truth or falsity of a boolean condition (nothing more) because you could 
add conditions to the WHERE clause.

If the application is connecting to the database as superuser, then the 
complete password can be read by testing each letter of the hash using 
substring and subselects in an expression.  For example,

(SELECT substring(password, 1, 1) = 'F' FROM pg_shadow WHERE 
user='postgres')

tests if the first character of the password hash is an F.

By doing this, then the attacker can learn any user's password, even 
though he can't perform any inserts, updates, deletes, etc., and he can 
only extract data slowly.*

Of course, someone is asking to be 0wn3d if they set up PHPBB to connect 
as superuser.  However, given the amount of work done to prevent 
foot-shooting in other areas (e.g., server refuses to run as root), it 
seems inconsistent that using md5 as the connection method opens the 
server to any attacker who knows the hashes.

Perhaps for 8.1 a new authentication method, say, "securemd5," ought to 
be created in which remedies this deficiency?

Regards,
Paul Tillotson

*Interesting mental exercise: if all that your SQL injection allows is 
to add conditions to a WHERE clause evaluated as superuser, how does one 
execute arbitrary code?  I can't think of how to do it offhand.

- You can't INSERT, UPDATE, DELETE, or perform any DDL (including 
creating new functions)
- You can't use COPY to overwrite local files.
- There aren't any built-in functions that write files, change tables, 
etc., are there?

Wouldn't you have to go for a buffer overflow in one of the built-in 
functions?  That's considerably more difficult than simply connecting as 
superuser and using COPY to overwrite local files with arbitrary data.

pgsql-hackers by date:

Previous
From: Christopher Kings-Lynne
Date:
Subject: Re: [COMMITTERS] pgsql: Install some slightly realistic cost estimation
Next
From: Tom Lane
Date:
Subject: Re: WAL/PITR additional items