Thread: BUG #1191: odd usage of port 512 on localhost
The following bug has been logged online: Bug reference: 1191 Logged by: John D. Hendrickson Email address: johndhendrickson22124@yahoo.com PostgreSQL version: 7.4 Operating system: Debian testing Description: odd usage of port 512 on localhost Details: Hi, Since I've installed postgres on debian-testing I'm getting firewall logs of: RELATED PACKET: SRC=localhost DST=localhost PROTO=ICMP CODE=3,3 PROTO=UDP SPT=1030 DPT=512 My logs show it happens every time postgres postmaster sends mail. Any clue as to why Postgres would want rexecd on localhost? After all, the inetd author said NOT to allow anything localhost in hosts.allow since applications can too easily be insecure that way on many OSes. Postgres doesn't say anything about using remote execution on the localhost in the documentation. Is this "feature" in the source code somewhere? As we see, this is a "RELATED" packet which tries to get through. However, 3,3 (I hope) implies that inetd does block access. NOTE! Just the packet alone is enough to put a hole in most running statefull firewalls.
"PostgreSQL Bugs List" <pgsql-bugs@postgresql.org> writes: > Since I've installed postgres on debian-testing I'm getting firewall logs > of: > RELATED PACKET: > SRC=localhost DST=localhost PROTO=ICMP CODE=3,3 > PROTO=UDP SPT=1030 DPT=512 > My logs show it happens every time postgres postmaster sends mail. Since the postmaster does not send mail, you're going to have to start by explaining that remark. Are you perhaps using some non-postgres-supplied code to send mail? If so, are you sure that code is not to blame? regards, tom lane
On Mon, Jul 12, 2004 at 09:28:05PM -0300, PostgreSQL Bugs List wrote: > > Since I've installed postgres on debian-testing I'm getting firewall logs > of: > > RELATED PACKET: > SRC=localhost DST=localhost PROTO=ICMP CODE=3,3 > PROTO=UDP SPT=1030 DPT=512 > > My logs show it happens every time postgres postmaster sends mail. $ grep 512 /etc/services exec 512/tcp biff 512/udp comsat $ You are seeing "biff", or the email-notification service (depricated) at work. Something in the startup of Postgres sends email, and that is what causes this. Nothing to worry about. > Any clue as to why Postgres would want rexecd on localhost? After all, the > inetd author said NOT to allow anything localhost in hosts.allow since > applications can too easily be insecure that way on many OSes. No, not exec, but biff/comsat. (Udp versus Tcp) -- einari@f-prot.com