| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-22 16:15:20 |
| Message-ID: | 476D3818.1080404@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Dunstan wrote:
>
>
> Peter Eisentraut wrote:
>> Bruce Momjian wrote:
>>
>>> The fundamental problem is that because we don't require root, any
>>> user's
>>> postmaster or pretend postmaster is as legitimate as anyone else's. SSL
>>> certificates add legitimacy checks for TCP, but not for unix domain
>>> sockets.
>>>
>>
>> Wouldn't SSL work over Unix-domain sockets as well? The API only
>> deals with file descriptors.
>>
>>
>
> But we don't check the SSL cert's credentials in the client, AFAIK. That
> means that postmaster spoofer could just as easily spoof SSL.
> Communications between the client and the endpoint will be protected,
> but there is no protection from a man in the middle attack, which is
> what this is.
We do if you put the CA cert on the client.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-12-22 18:04:47 | Re: Spoofing as the postmaster |
| Previous Message | Peter Eisentraut | 2007-12-22 16:13:05 | Re: Spoofing as the postmaster |