Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

pgman@candle.pha.pa.us (Bruce Momjian) wrote 

> Sir-* does have a point.  A valid host in pg_hba.conf can cause DOS by
> just connecting over and over, but allocating almost all of the memory
> on the machine would affect other applications running on the machine,
> even non-networked applications, as well as PostgreSQL, while a
> connection DOS effects only PostgreSQL.


oh woe is he the man who does not use rlimits, or perhaps, concurrency 
limits?

it seems this is nothing new, all network available services are subject to 
dos or ddos attacks... and if you dont setup limits on your machine, then 
other things can be affected... inetd, bind, sendmail, finger, <insert 
favorite network accessible program here>, etc...

I do agree that pgsql should not just arbitrarily allocate memory like 
this, as defensive programming, but I cannot agree that this is a bug or 
problem in pgsql per se.

As a side note, if someone wanted to shift the discussion to allowing 
concurrency limits in pgsql, how would/could this fit into the context of 
another thread where it was discussed to be able to always allow certain 
users to login...