Am Freitag, 18. Januar 2008 schrieb Alvaro Herrera:
> I propose to create a dangling symlink on system startup in
> /tmp/.s.PGSQL.<port> to the real socket, which is not on a
> world-writable directory.  This avoids the spoofer, because he cannot
> create the socket -- the symlink is occupying its place.

This approaches the issue from the wrong end.  Spoofing attacks the client, so 
the defense must be in the client.  If the defense of the client is to rely 
on a carefully configured server, then that might exclude some possible 
attack vectors, but it is not a defense the client can rely on.

To look at this in another way, if we relied on every browser user to type in 
web addresses correctly and all server administrators to make sure 
their "socket address" cannot be hijacked, we wouldn't need SSL on the web.  
The proper approach, however, is to configure the client to only talk to 
servers that can prove their identity.

Peter Eisentraut

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to