Re: Security note: MS SQL is current worm vector

From: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
To: Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Security note: MS SQL is current worm vector
Date: 2001-11-26 00:55:28
Message-ID: 200111260055.TAA31251@www.wgcr.org
Lists: pgsql-hackers

On Sunday 25 November 2001 03:35 am, Lincoln Yeoh wrote:
> Fortunately most self compiled Postgresql installations don't have remote
> access enabled (I have long assumed that on most Unix or Unixlike systems
> local users = root users, so postgresql's lack of local user security by
> default isn't that big an issue).

> I have no experience with prepackaged Postgresql installations.

The RPMset ships with TCP/IP socket listening off by default. I've had more
questions on 'why isn't it turned on by default like it was in 7.0' than any
other single subject. To all who asked -- _this_ is why.

However, since postmaster doesn't start or run as root, a compromise of
postmaster isn't going to result in catastrophic remote root. At worst your
database is compromised -- which is bad, but not as bad as your machine being
a stepping-stone for a DDoS.

This is, IMHO, one of the worst things about NT 'services' -- they have
entirely too many rights in the filesystem.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
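An audit helper for the two points made above (TCP/IP listening off by default, postmaster not running as root), added here as an example and not code from the thread or from the PostgreSQL project; it assumes the 7.x `tcpip_socket` and the 8.0+ `listen_addresses` configuration keys and runs on constructed sample input.

```shell
#!/bin/sh
# Added audit helper (not from the thread): decides from a postgresql.conf
# whether the postmaster would accept TCP/IP connections, understanding both
# the 7.x key (tcpip_socket) and the 8.0+ key (listen_addresses), and reports
# which user the postmaster runs as from `ps -eo user,comm` output.

# Usage: pg_tcp_state < postgresql.conf
# Prints tcp-off, tcp-on, or tcp-default when neither key is set
# (7.x default: Unix socket only; 8.0+ default: localhost only).
pg_tcp_state() {
    awk '
      { sub(/#.*/, ""); sub(/[ \t]+$/, ""); gsub(/[ \t]*=[ \t]*/, "=") }
      /^[ \t]*tcpip_socket=/ {
          split($0, kv, "="); v = tolower(kv[2])
          state = (v ~ /^(true|on|yes|1)$/) ? "tcp-on" : "tcp-off"
      }
      /^[ \t]*listen_addresses=/ {
          split($0, kv, "="); v = kv[2]; gsub(/[\047" \t]/, "", v)
          state = (v == "") ? "tcp-off" : "tcp-on"
      }
      END { if (state == "") state = "tcp-default"; print state }
    '
}

# Usage: ps -eo user,comm | pg_postmaster_user
# Prints the owner of the first postmaster/postgres process, or "none".
pg_postmaster_user() {
    awk '$2 == "postmaster" || $2 == "postgres" { print $1; found = 1; exit }
         END { if (!found) print "none" }'
}

# Constructed samples: an RPM-style 7.1 config, an 8.0 config opened to the
# network, and a ps listing with the postmaster owned by "postgres".
SAMPLE_CONF_71='# constructed 7.1-style postgresql.conf (RPM default)
#tcpip_socket = false
tcpip_socket = false   # RPM default: Unix socket only
port = 5432'
SAMPLE_CONF_80="# constructed 8.0-style postgresql.conf opened to the network
listen_addresses = '*'
port = 5432"
SAMPLE_PS='USER     COMMAND
root     init
postgres postmaster
postgres postgres'

# Stand-alone demo over the constructed samples
printf '%s\n' "$SAMPLE_CONF_71" | pg_tcp_state
printf '%s\n' "$SAMPLE_CONF_80" | pg_tcp_state
printf '%s\n' "$SAMPLE_PS" | pg_postmaster_user
```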
