| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-22 15:55:06 |
| Message-ID: | 476D335A.9070801@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> Bruce Momjian wrote:
>
>> The fundamental problem is that because we don't require root, any user's
>> postmaster or pretend postmaster is as legitimate as anyone else's. SSL
>> certificates add legitimacy checks for TCP, but not for unix domain
>> sockets.
>>
>
> Wouldn't SSL work over Unix-domain sockets as well? The API only deals with
> file descriptors.
>
>
But we don't check the SSL cert's credentials in the client, AFAIK. That
means that postmaster spoofer could just as easily spoof SSL.
Communications between the client and the endpoint will be protected,
but there is no protection from a man in the middle attack, which is
what this is.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2007-12-22 16:13:05 | Re: Spoofing as the postmaster |
| Previous Message | Peter Eisentraut | 2007-12-22 15:44:16 | Re: Spoofing as the postmaster |