Home > mailing lists

Re: BUG #15182: Canceling authentication due to timeout aka Denial ofService Attack - Mailing list pgsql-hackers

From	Jeff Janes
Subject	Re: BUG #15182: Canceling authentication due to timeout aka Denial ofService Attack
Date	July 24, 2018 02:14:40
Msg-id	CAMkU=1zKxAHhrrmgPMxdDPvdmeaKKqk7Bma=oQ0=QKAfhoH8Gg@mail.gmail.com Whole thread Raw
In response to	Re: BUG #15182: Canceling authentication due to timeout aka Denial ofService Attack (Marko Tiikkaja <marko@joh.to>)
List	pgsql-hackers

Tree view

On Fri, Jul 20, 2018 at 5:56 PM, Marko Tiikkaja <marko@joh.to> wrote:

On Fri, Jul 20, 2018 at 2:17 AM, Jeremy Schneider <schnjere@amazon.com> wrote:
I'd like to bump this old bug that Lloyd filed for more discussion. It
seems serious enough to me that we should at least talk about it.

Anyone with simply the login privilege and the ability to run SQL can
instantly block all new incoming connections to a DB including new
superuser connections.

So.. don't VACUUM FULL pg_authid without lock_timeout?

That's like saying the solution to a security hole is for no one to attempt to exploit it.

Note that you do not need to have permissions to do the vacuum full. This works merely from the attempt to do so, before the permissions are checked.

Cheers,

Jeff

pgsql-hackers by date:

From: Andres Freund
Date: 24 July 2018, 01:55:48
Subject: Re: Missing pg_control crashes postmaster

From: Peter Eisentraut
Date: 24 July 2018, 03:04:21
Subject: Re: Stored procedures and out parameters

Re: BUG #15182: Canceling authentication due to timeout aka Denial ofService Attack - Mailing list pgsql-hackers

Previous

Next