Thread: postgresql 7.2b5 and vserver: statistics sockets

postgresql 7.2b5 and vserver: statistics sockets

From
Date:
Hello,

I'm using vserver (http://www.solucorp.qc.ca/miscprj/s_context.hc)
together with postgresql 7.2b5.

For those who aren't familiar with vserver, it is sort of a improved
chroot jail where port bindings and process signals are also restricted.

When starting postgresql in such a vserver, i get the following error :
(using strace on the postmaster)

----
getpid()                                = 6609
unlink("/var/ipfc/database//global/pgstat.stat") = -1 ENOENT (No such file
or directory)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
bind(5, {sin_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("127.0.0.1")}}, 16) = -1 EADDRNOTAVAIL (Cannot assign
requested address)
dup(2)                                  = 6
fcntl64(0x6, 0x3, 0x6, 0)               = 32770
fstat64(6, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40018000
_llseek(6, 0, 0xbfffeca0, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
write(6, "PGSTAT: bind(2): Cannot assign r"..., 49PGSTAT: bind(2): Cannot
assign requested address
) = 49
close(6)                                = 0
----

so the bind on address 127.0.0.1 (for the statistics process) is not
allowed (which is correct).  How can I change this value ? (If no other
possibility is available, I'm going to change the source)

Best regards,
Tycho Fruru

--
Tycho Fruru            tycho.fruru@conostix.com
Users' impressions of different operating systems, expressed as emoticons:
Linux:   :)
Windows: XP





Re: postgresql 7.2b5 and vserver: statistics sockets

From
"Roderick A. Anderson"
Date:
On Wed, 23 Jan 2002 postgresql@fruru.com wrote:

> Hello,
>
> I'm using vserver (http://www.solucorp.qc.ca/miscprj/s_context.hc)
> together with postgresql 7.2b5.
>
> For those who aren't familiar with vserver, it is sort of a improved
> chroot jail where port bindings and process signals are also restricted.
>
> When starting postgresql in such a vserver, i get the following error :
> (using strace on the postmaster)

Try creating a v_postgresql init file (attached example) and disabling
postgresql in the main server.  PostgreSQL binds to a port like the
other v_* services do.


Cheers,
Rod
--
                      Let Accuracy Triumph Over Victory

                                                       Zetetic Institute
                                                        "David's Sling"
                                                         Marc Stiegler

Attachment

Re: postgresql 7.2b5 and vserver: statistics sockets

From
Date:
On Wed, 23 Jan 2002, Roderick A. Anderson wrote:

> Try creating a v_postgresql init file (attached example) and disabling
> postgresql in the main server.  PostgreSQL binds to a port like the
> other v_* services do.

There is no postgres in the main server.  The only postgres (should) run
in a vserver.  The problem is that there seems to be a bind to IP address
127.0.0.1 hardcoded in the postgresql source (see
/postgresql-7.2b5/src/backend/postmaster/pgstat.c) which obviously does
not work in the vserver (exactly because it is already ip limited!)

BTW: i have edited postgresql.conf to have the postmaster bind to the
right IP address.  It is the statistics collection process that screws up
in my case (no 127.0.0.1 available).

Anyone has a patch handy by accident ? ;-)

I might just change the behavior to "bind to any port and you better have
a good firewall to protect you" ...

Regards,
Tycho




Re: postgresql 7.2b5 and vserver: statistics sockets

From
Tom Lane
Date:
<postgresql@fruru.com> writes:
> so the bind on address 127.0.0.1 (for the statistics process) is not
> allowed (which is correct).  How can I change this value ?

You don't.  I see nothing wrong with the code's behavior; it's your
jail that's being too restrictive.

            regards, tom lane

Re: postgresql 7.2b5 and vserver: statistics sockets

From
Date:
I know it is pathetic to reply to one's own mail but hey ...

On Wed, 23 Jan 2002 postgresql@fruru.com wrote:

> Anyone has a patch handy by accident ? ;-)
>
> I might just change the behavior to "bind to any port and you better have
> a good firewall to protect you" ...
when binding to the 0.0.0.0 address (or the address given to the vserver)
everything is shiny and rosy.  I can live with having to patch (as there
is not much enthousiasm for getting this behaviour configurable) postgres
manually for this.

If more people encounter the same problem (it's the way vserver works,
there are some good arguments on why not to make 127.0.0.1 available) I
can come up with a cleaner solution - like a configuration directive or
something.

Thanks for the feedback,
Tycho



Re: postgresql 7.2b5 and vserver: statistics sockets

From
Tom Lane
Date:
<postgresql@fruru.com> writes:
> If more people encounter the same problem (it's the way vserver works,
> there are some good arguments on why not to make 127.0.0.1 available)

Uh ... what are they?  We're willing to listen to reasonable arguments
why that needs to be configurable.

            regards, tom lane

Re: postgresql 7.2b5 and vserver: statistics sockets

From
Doug McNaught
Date:
<postgresql@fruru.com> writes:

> I know it is pathetic to reply to one's own mail but hey ...

Hey, we all have to do it every once in a while.  ;)

> If more people encounter the same problem (it's the way vserver works,
> there are some good arguments on why not to make 127.0.0.1 available) I
> can come up with a cleaner solution - like a configuration directive or
> something.

If you want your fix in the main tree that's probably what you'll need
to do.  I suggest you post to -hackers outlining the problem and your
proposed solution--they may be willing to accept a patch once 7.3 gets
started.

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
   --T. J. Jackson, 1863

Re: postgresql 7.2b5 and vserver: statistics sockets

From
"Roderick A. Anderson"
Date:
On Wed, 23 Jan 2002 postgresql@fruru.com wrote:

> On Wed, 23 Jan 2002, Roderick A. Anderson wrote:
>
> There is no postgres in the main server.  The only postgres (should) run
> in a vserver.  The problem is that there seems to be a bind to IP address
> 127.0.0.1 hardcoded in the postgresql source (see
> /postgresql-7.2b5/src/backend/postmaster/pgstat.c) which obviously does
> not work in the vserver (exactly because it is already ip limited!)

OOPS.  My solution to my problem.  I've look at what documentation
there is (a brief play-around in the vserver documentation) and will
have to contact Jacques about this.


Cheers,
Rod
--
                      Let Accuracy Triumph Over Victory

                                                       Zetetic Institute
                                                        "David's Sling"
                                                         Marc Stiegler



Re: postgresql 7.2b5 and vserver: statistics sockets

From
Date:
On Wed, 23 Jan 2002, Tom Lane wrote:

> <postgresql@fruru.com> writes:
> > If more people encounter the same problem (it's the way vserver works,
> > there are some good arguments on why not to make 127.0.0.1 available)
>
> Uh ... what are they?  We're willing to listen to reasonable arguments
> why that needs to be configurable.

All the vservers on a physical machine actually run on the same kernel and
therefore share the same loopback interface.  Every vserver has one IP
address (alias) which it can use as its own.  So using the alias we know
in advance which vserver (if any) we send a packet to.  Using 127.0.0.1 we
don't, since if we don't limit the use of this address by the vservers,
everyone (including people in a "hostile" vserver on the same physical
machine) could bind to it and interfere with our vserver -> Not So
Good(tm).

Having multiple lo interfaces, one per vserver, on the same "real"
kernel could be a solution were it not that this quickly becomes a mess
(i see some routing issues)

Of course, when binding the stats port to something else than 127.0.0.1
one needs to implement a minimum of firewalling if one doesn't trust the
network (or the other vservers).  But this isn't really new and I hope
anyone in such a case already has their FW up and running.

Hope this helps,
Tycho Fruru






Re: postgresql 7.2b5 and vserver: statistics sockets

From
Tom Lane
Date:
<postgresql@fruru.com> writes:
> On Wed, 23 Jan 2002, Tom Lane wrote:
>> <postgresql@fruru.com> writes:
> If more people encounter the same problem (it's the way vserver works,
> there are some good arguments on why not to make 127.0.0.1 available)
>>
>> Uh ... what are they?  We're willing to listen to reasonable arguments
>> why that needs to be configurable.

> All the vservers on a physical machine actually run on the same kernel and
> therefore share the same loopback interface.  Every vserver has one IP
> address (alias) which it can use as its own.  So using the alias we know
> in advance which vserver (if any) we send a packet to.  Using 127.0.0.1 we
> don't, since if we don't limit the use of this address by the vservers,
> everyone (including people in a "hostile" vserver on the same physical
> machine) could bind to it and interfere with our vserver -> Not So
> Good(tm).

That might be a good argument in general, but it does not apply to
Postgres' use of 127.0.0.1, because we bind that socket to its own
address, so only packets out of the same socket will be received.
(Without this, the statistics setup would be quite insecure in the
normal non-vserver case.)  We don't really care whether other vservers
are using other 127.0.0.1 ports.

I'm still of the opinion that the blame for insufficient configurability
should be placed on vserver not Postgres; vserver should have an option
to let you use 127.0.0.1.

            regards, tom lane

Re: postgresql 7.2b5 and vserver: statistics sockets

From
Date:
> > everyone (including people in a "hostile" vserver on the same physical
> > machine) could bind to it and interfere with our vserver -> Not So
> > Good(tm).
>
> That might be a good argument in general, but it does not apply to
> Postgres' use of 127.0.0.1, because we bind that socket to its own
> address, so only packets out of the same socket will be received.

What you're saying is that it shouldn't really matter whether you use
127.0.0.1, the ipv6 ::1 or another ipv4 or 6 address (but that's another
can of worms :-).

Anyway, the problem is pinpointed and solved (for me).

Regards,
Tycho

--
Tycho Fruru            tycho.fruru@conostix.com
Users' impressions of different operating systems, expressed as emoticons:
Linux:   :)
Windows: XP



Re: postgresql 7.2b5 and vserver: statistics sockets

From
Tom Lane
Date:
<postgresql@fruru.com> writes:
>> That might be a good argument in general, but it does not apply to
>> Postgres' use of 127.0.0.1, because we bind that socket to its own
>> address, so only packets out of the same socket will be received.

> What you're saying is that it shouldn't really matter whether you use
> 127.0.0.1, the ipv6 ::1 or another ipv4 or 6 address (but that's another
> can of worms :-).

As long as it's routed to our own machine, no it doesn't matter.  But
AFAIK there is no other generally-accepted loopback address.

            regards, tom lane

Re: postgresql 7.2b5 and vserver: statistics sockets

From
Vivek Khera
Date:
>>>>> "p" == postgresql  <postgresql@fruru.com> writes:

p> so the bind on address 127.0.0.1 (for the statistics process) is not
p> allowed (which is correct).  How can I change this value ? (If no other
p> possibility is available, I'm going to change the source)

The vserver application needs to be fixed to re-route calls to bind
localhost IP address to the IP address for that jail.  FreeBSD's jail
system does this.  It is unreasonable to expect a program not to have
access to 127.0.0.1.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/

Re: postgresql 7.2b5 and vserver: statistics sockets

From
Lincoln Yeoh
Date:
At 12:08 PM 23-01-2002 -0500, Tom Lane wrote:
><postgresql@fruru.com> writes:
>> If more people encounter the same problem (it's the way vserver works,
>> there are some good arguments on why not to make 127.0.0.1 available)
>
>Uh ... what are they?  We're willing to listen to reasonable arguments
>why that needs to be configurable.

Just like to point out that if IP forwarding is enabled on a target host,
other hosts on the same network could access 127.0.0.1 on that target host
(or any interface for that matter).

For some target operating systems that may still work even if IP forwarding
is off.

e.g. use certain source operating systems, bring down 127.x.x.x if present,
add the route to 127.0.0.1 using gateway = target host adjacent IP. Now
ping or telnet 127.0.0.1.

Cheerio,
Link.


Re: postgresql 7.2b5 and vserver: statistics sockets

From
Bruno Wolff III
Date:
On Thu, Jan 24, 2002 at 04:52:29PM +0800,
  Lincoln Yeoh <lyeoh@pop.jaring.my> wrote:
>
> Just like to point out that if IP forwarding is enabled on a target host,
> other hosts on the same network could access 127.0.0.1 on that target host
> (or any interface for that matter).
>
> For some target operating systems that may still work even if IP forwarding
> is off.

Except that well configured hosts should only accept traffic on external
interfaces that makes sense. And typically traffic addressed to 127.*.*.*
shouldn't be accepted from an external interface.