Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

From: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
To: Sir Mordred The Traitor <mordred(at)s-mail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
Date: 2002-08-26 15:18:48
Message-ID: 200208261118.48487.lamar.owen@wgcr.org
Lists: pgsql-hackers

On Monday 26 August 2002 10:46 am, Sir Mordred The Traitor wrote:
> Conditions: entry in a pg_hba.conf file that matches attacker's host.
> Risk: average

> --[ Solution
>
> Disable network access for untrusted users.

TCP/IP access must be enabled as well. TCP/IP accessibility is OFF by
default.

I for one thought that it was normal operating procedure to only allow access
to trusted machines; maybe I'm odd in that regard.

Hey, if I can connect to postmaster I can DoS it quite easily, by flooding it
with connection requests.....

But, if we can thwart this, all the better.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
