On 9 March 2018 at 14:17, Gasper Zejn <z...@owca.info> wrote:

> On 09. 03. 2018 06:24, Craig Ringer wrote:
>
> > I'm totally unconvinced by the threat posed by exploiting a client by
> > tricking it into requesting protocol compression - or any other protocol
> > change the client lib doesn't understand - with a connection option in
> > PGOPTIONS or the "options" connstring entry. The attacker must be able to
> > specify either environment variables (in which case I present "LD_PRELOAD")
> > or the connstr. If they can set a connstr they can direct the client to
> > talk to a different host that tries to exploit the connecting client in
> > whatever manner they wish by sending any custom crafted messages they like.
>
> If the attacker has access to client process or environment, he's already
> won and this is not where the compression vulnerability lies.

I'm aware. That's a reference to Tom's often-stated objection to using a GUC as a client flag to enable new server-to-client protocol messages, not anything re SSL.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services