Re: Security note: MS SQL is current worm vector
| От | Lamar Owen |
|---|---|
| Тема | Re: Security note: MS SQL is current worm vector |
| Дата | |
| Msg-id | 200111260055.TAA31251@www.wgcr.org обсуждение исходный текст |
| Ответ на | Re: Security note: MS SQL is current worm vector (Lincoln Yeoh <lyeoh@pop.jaring.my>) |
| Список | pgsql-hackers |
On Sunday 25 November 2001 03:35 am, Lincoln Yeoh wrote: > Fortunately most self compiled Postgresql installations don't have remote > access enabled (I have long assumed that on most Unix or Unixlike systems > local users = root users, so postgresql's lack of local user security by > default isn't that big an issue). > I have no experience with prepackaged Postgresql installations. The RPMset ships with TCP/IP socket listening off by default. I've had more questions on 'why isn't it turned on by default like it was in 7.0' than any other single subject. To all who asked -- _this_ is why. However, since postmaster doesn't start or run as root, a compromise of postmaster isn't going to result in catastrophic remote root. At worst your database is compromised -- which is bad, but not as bad as your machine being a stepping-stone for a DDoS. This is, IMHO, one of the worst things about NT 'services' -- they have entirely too many rights in the filesystem. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
В списке pgsql-hackers по дате отправления: