On Tue, 16 Sep 2008 13:32:41 -0500 H D Moore <[EMAIL PROTECTED]> wrote:
> On Tuesday 16 September 2008, Ulisses Castro (thebug) wrote:
> > Who permit login of superuser "postgres" to local connection without
> > pass. I think people from Backtrack devel keep postgres in default.
> [ snip ]
> > Who use ident-based authentication[1], in my view I think is not simple
> > method and all people that I know don't use it... (this is my point).
> [ snip ]
>
> OK, that makes a lot more sense, thanks for the explanation. If 'postgres'
> is the default on the majority of systems, I think we should change it,
> otherwise leave it at same user. A more-friendly error message could
> resolve this either way.
>

I made some tests and found a missing "else" in db_destroy. It has the same purpose as in db_create, which we talked about before (to make 'postgres' the default user).

$ diff -Nur db_postgres.rb.old db_postgres.rb --- db_postgres.rb.old 2008-09-17 00:58:43.000000000 -0300 +++ db_postgres.rb 2008-09-17 00:59:42.000000000 -0300 @@ -143,8 +143,12 @@ argv = [] if (info[:user]) + opts['username'] = info[:user] argv.push('-U') argv.push(info[:user]) + else + argv.push('-U') + argv.push('postgres') end if (info[:pass])

Thanks for your attention, Moore, you are fast! :)

> -HD
> _______________________________________________
> Framework-Hackers mailing list
> Framework-Hackers@spool.metasploit.com
> http://spool.metasploit.com/mailman/listinfo/framework-hackers

--
Ulisses Castro
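
Review bot: In the new else branch the fallback user is pushed onto argv but opts['username'] is left unset, while the if branch now sets both, so anything that reads opts after this block sees a username only when info[:user] was given. Resolve the user once (for example user = info[:user] || 'postgres') and use that value for both opts['username'] and the -U argument. The opts['username'] assignment is not mentioned in the message, which describes only the missing else, and opts is not defined in the visible context, so confirm it exists in db_destroy. Because this makes a destructive operation default to the 'postgres' superuser, and the same literal is described as the default in db_create, a shared constant plus the friendlier error message suggested earlier in the thread would keep the two paths consistent.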