On Tue, Oct 5, 2010 at 15:18, Magnus Hagander wrote:
> On Tue, Oct 5, 2010 at 11:01, Magnus Hagander wrote:
>> On Sun, Oct 3, 2010 at 18:30, Alan T DeKok wrote:
>>> Tom Lane wrote:
>>>> Hm ... seems to me that is a network security problem, not our problem.
>>>> Who's to say one of the spoofed p
Alan T DeKok writes:
> Magnus Hagander wrote:
>> If you can test the complete patch in your environment (particularly
>> if you already have a "bad packet injector" that you know creates the
>> issue on 9.0), that would be great though.
>
> If you use FreeRADIUS, use "radclient" to send the foll
Magnus Hagander wrote:
> If you can test the complete patch in your environment (particularly
> if you already have a "bad packet injector" that you know creates the
> issue on 9.0), that would be great though.
If you use FreeRADIUS, use "radclient" to send the following text:
User-Name = "bob"
On Tue, Oct 5, 2010 at 19:11, Alan T DeKok wrote:
> Magnus Hagander wrote:
>> Actually, nevermind that one. Here's a patch I worked up from your
>> description, and that turns out to be fairly similar to yours in what
>> it does I think - except I'm not rearranging the code into a separate
>> func
Alan T DeKok wrote:
> the hard-code 10 could be USECS_PER_SEC.
To save others the time of checking, it's actually 100 in the
patch.
-Kevin
Magnus Hagander wrote:
> Actually, nevermind that one. Here's a patch I worked up from your
> description, and that turns out to be fairly similar to yours in what
> it does I think - except I'm not rearranging the code into a separate
> function. We already have a while-loop.
Thanks. The only
On Tue, Oct 5, 2010 at 11:01, Magnus Hagander wrote:
> On Sun, Oct 3, 2010 at 18:30, Alan T DeKok wrote:
>> Tom Lane wrote:
>>> Hm ... seems to me that is a network security problem, not our problem.
>>> Who's to say one of the spoofed packets won't pass verification?
>>
>> The packets are signe
On Sun, Oct 3, 2010 at 18:30, Alan T DeKok wrote:
> Tom Lane wrote:
>> Hm ... seems to me that is a network security problem, not our problem.
>> Who's to say one of the spoofed packets won't pass verification?
>
> The packets are signed with a shared key. Passing verification means
> either the
Tom Lane wrote:
> Hm ... seems to me that is a network security problem, not our problem.
> Who's to say one of the spoofed packets won't pass verification?
The packets are signed with a shared key. Passing verification means
either the attacker knows the key, or the attacker has broken MD5 in
Magnus Hagander writes:
> On Sun, Oct 3, 2010 at 00:52, Tom Lane wrote:
>> [ scratches head ... ] I don't see the problem.
> I think he's referring to the ability to flood the postgresql server
> with radius packets with spoofed IP source, correct?
Hm ... seems to me that is a network security
Magnus Hagander wrote:
> I think he's referring to the ability to flood the postgresql server
> with radius packets with spoofed IP source, correct?
Yes. Or, with any number of other "bad" packets.
> If we then looped
> until we got one that validated as a proper packet, we'd still be able
> t
Tom Lane wrote:
> [ scratches head ... ] I don't see the problem. AFAICS the "verify
> packet" code is just looking at local storage. Where is the spoofing
> possibility, and why would delaying the socket close accomplish
> anything?
Looking at local storage isn't the issue. There is no buff
On Sun, Oct 3, 2010 at 00:52, Tom Lane wrote:
> "Alan DeKok" writes:
>> CheckRADIUSAuth() in src/backend/libpq/auth.c is subject to spoofing attacks
>> which can force all RADIUS authentications to fail.
>> ...
>> The source IP/port/RADIUS ID && authentication vector fields are checked
>> *after*
"Alan DeKok" writes:
> CheckRADIUSAuth() in src/backend/libpq/auth.c is subject to spoofing attacks
> which can force all RADIUS authentications to fail.
> ...
> The source IP/port/RADIUS ID && authentication vector fields are checked
> *after* the socket is closed. This allows an attacker to "ra
The following bug has been logged online:
Bug reference: 5687
Logged by: Alan DeKok
Email address: al...@freeradius.org
PostgreSQL version: 9.0.0
Operating system: All
Description: RADIUS Authentication issues
Details:
CheckRADIUSAuth() in src/backend/libpq/auth.c is