Postgres Pro
Downloads
Home   >   mailing lists

Thread: BUG #1191: odd usage of port 512 on localhost

BUG #1191: odd usage of port 512 on localhost

From
"PostgreSQL Bugs List"
Date:
The following bug has been logged online:

Bug reference:      1191
Logged by:          John D. Hendrickson

Email address:      johndhendrickson22124@yahoo.com

PostgreSQL version: 7.4

Operating system:   Debian testing

Description:        odd usage of port 512 on localhost

Details:

Hi,

Since I've installed postgres on debian-testing I'm getting firewall logs
of:

RELATED PACKET:
SRC=localhost DST=localhost PROTO=ICMP CODE=3,3
PROTO=UDP SPT=1030 DPT=512

My logs show it happens every time postgres postmaster sends mail.

Any clue as to why Postgres would want rexecd on localhost?  After all, the
inetd author said NOT to allow anything localhost in hosts.allow since
applications can too easily be insecure that way on many OSes.

Postgres doesn't say anything about using remote execution on the localhost
in the documentation.  Is this "feature" in the source code somewhere?

As we see, this is a "RELATED" packet which tries to get through.  However,
3,3 (I hope) implies that inetd does block access.  NOTE!  Just the packet
alone is enough to put a hole in most running statefull firewalls.

Re: BUG #1191: odd usage of port 512 on localhost

From
Tom Lane
Date:
"PostgreSQL Bugs List" <pgsql-bugs@postgresql.org> writes:
> Since I've installed postgres on debian-testing I'm getting firewall logs
> of:

> RELATED PACKET:
> SRC=localhost DST=localhost PROTO=ICMP CODE=3,3
> PROTO=UDP SPT=1030 DPT=512

> My logs show it happens every time postgres postmaster sends mail.

Since the postmaster does not send mail, you're going to have to start
by explaining that remark.  Are you perhaps using some
non-postgres-supplied code to send mail?  If so, are you sure that code
is not to blame?

            regards, tom lane

Re: BUG #1191: odd usage of port 512 on localhost

From
Einar Indridason
Date:
On Mon, Jul 12, 2004 at 09:28:05PM -0300, PostgreSQL Bugs List wrote:
>
> Since I've installed postgres on debian-testing I'm getting firewall logs
> of:
>
> RELATED PACKET:
> SRC=localhost DST=localhost PROTO=ICMP CODE=3,3
> PROTO=UDP SPT=1030 DPT=512
>
> My logs show it happens every time postgres postmaster sends mail.

$ grep 512 /etc/services
exec            512/tcp
biff            512/udp         comsat
$

You are seeing "biff", or the email-notification service (depricated) at
work.  Something in the startup of Postgres sends email, and that is what
causes this.

Nothing to worry about.

> Any clue as to why Postgres would want rexecd on localhost?  After all, the
> inetd author said NOT to allow anything localhost in hosts.allow since
> applications can too easily be insecure that way on many OSes.

No, not exec, but biff/comsat.  (Udp versus Tcp)

--
einari@f-prot.com