Re: Replay attack of query cancel
| От | Bruce Momjian |
|---|---|
| Тема | Re: Replay attack of query cancel |
| Дата | |
| Msg-id | 200811210431.mAL4VLd22226@momjian.us обсуждение исходный текст |
| Ответ на | Re: Replay attack of query cancel (Magnus Hagander <magnus@hagander.net>) |
| Список | pgsql-hackers |
This bug has not been fixed, but it is on the TODO list: o Prevent query cancel packets from being replayed by an attacker,especially when using SSL I am going to consider this item closed meaning I am not going to track that it is fixed for 8.4; it is just documented on our TODO as a known limitation. --------------------------------------------------------------------------- Magnus Hagander wrote: > Tom Lane wrote: > > Alvaro Herrera <alvherre@commandprompt.com> writes: > >> Andrew Gierth wrote: > >>> 2. The server accepts either the old-style or the secure cancel > >>> request from the client, but doesn't allow old-style requests > >>> once a valid secure request has been seen. > > > >> Hmm, I think there should be a way to turn off acceptance of old-style > >> without necessarily requiring a new-style request. Otherwise, how are > >> you protected from DoS if you have never sent a cancel request at all? > > > > Assuming you were using SSL, it's hard to see how an attacker is going > > to get your cancel key without having seen a cancel request. > > Not only that, but he'll have to see an *old-style* cancel request, > since the new style doesn't contain the key. > > And if you're *not* using SSL, the attacker can just sniff they key off > the initial packet instead. > > > > However, I dislike Andrew's proposal above even without that issue, > > because it means *still more* changeable state that has to be magically > > shared between postmaster and backends. If we want to have a way for > > people to disable insecure cancels, we should just have a postmaster > > configuration parameter that does it. > > Agreed. Your security policy also should not depend on what your client > happens to do, it should be enforceable. > > > //Magnus > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
В списке pgsql-hackers по дате отправления: