Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack

| From | Robert Haas |
|---|---|
| Subject | Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack |
| Date | |
| Msg-id | CA+TgmobgJ9b0LpwhcCdj_gMDgp9UKmR_1pfX6WpWxGGGVrOG7A@mail.gmail.com |
| In reply to | Fwd: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack (Jeremy Schneider <schnjere@amazon.com>) |
| Responses | Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack |
| List | pgsql-hackers |
On Thu, Jul 19, 2018 at 7:17 PM, Jeremy Schneider <schnjere@amazon.com> wrote:
> I'd like to bump this old bug that Lloyd filed for more discussion. It
> seems serious enough to me that we should at least talk about it.
>
> Anyone with simply the login privilege and the ability to run SQL can
> instantly block all new incoming connections to a DB including new
> superuser connections.
>
> session 1:
> select pg_sleep(9999999999) from pg_stat_activity;
>
> session 2:
> vacuum full pg_authid; -or- truncate table pg_authid;
>
> (there are likely other SQL you could run in session 2 as well.)

ExecuteTruncate needs to be refactored to use RangeVarGetRelidExtended with a non-NULL callback rather than heap_openrv, and expand_vacuum_rel needs to use RangeVarGetRelidExtended with a callback instead of RangeVarGetRelid. See cbe24a6dd8fb224b9585f25b882d5ffdb55a0ba5 as an example of what to do. I fixed a large number of cases of this problem back around that time, but then ran out of steam and had to move onto other things before I got them all. Patches welcome.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
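The scenario in the thread works because `pg_stat_activity` reads `pg_authid`, so session 1 holds an AccessShareLock on it; the `VACUUM FULL` / `TRUNCATE` in session 2 then queues for an AccessExclusiveLock, and every new backend, which must read `pg_authid` to authenticate, queues behind that request. The query below is an added example for operators, not code from the thread or from PostgreSQL: it lists every session holding or waiting for a lock on `pg_authid` and which pids block it, so the queued exclusive request can be identified and terminated. It assumes PostgreSQL 9.6 or later (`pg_blocking_pids`, `wait_event_type`) and an already-open superuser session; `<waiter_pid>` is a placeholder.

```sql
-- Added example (not from the thread or from PostgreSQL): every session
-- holding or waiting for a lock on pg_authid, with the pids blocking it.
-- Assumes PostgreSQL 9.6+ and a session that is already connected as
-- superuser; new logins are exactly what is blocked, so this cannot be
-- run from a fresh connection while the condition persists.
SELECT l.pid,
       a.usename,
       l.mode,
       l.granted,
       a.wait_event_type,
       pg_blocking_pids(l.pid)   AS blocked_by,
       now() - a.query_start     AS running_for,
       left(a.query, 70)         AS query
FROM   pg_locks l
JOIN   pg_stat_activity a ON a.pid = l.pid
WHERE  l.locktype = 'relation'
AND    l.relation = 'pg_authid'::regclass
ORDER  BY l.granted, a.query_start;

-- The row with granted = false and mode = 'AccessExclusiveLock' is the
-- queued request that stops new backends from reading pg_authid during
-- authentication. Terminating it (rather than the long-running reader it
-- waits on) restores logins without rewriting the catalog.
-- <waiter_pid> is a placeholder for the pid reported above.
SELECT pg_terminate_backend(<waiter_pid>);
```

Because the block lands on connection establishment, keeping a persistent superuser session open (a monitoring connection, or a pooler-held connection) is what makes this recovery possible at all; once the fix Robert describes is in place, the non-owner's `VACUUM FULL` / `TRUNCATE` fails its permission check before the lock is ever requested, and the queued request never appears.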