Tom Lane wrote:
> Stef Walter <stef-list@memberwebs.com> writes:
>> Tom Lane wrote:
>>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>>> a good idea to replace this part of the default pg_hba.conf file:
>
>> You're probably not suggesting this, but I would be against a default
>> setting of 'samehost' used with 'trust'.
>
>> Essentially that would be the same as rlogin rsh, where if the user can
>> spoof a TCP connection, he can connect to postgresql. Depending on the
>> platform, an interface may have to be down for this to work.
>
> Is there any actual risk here that we aren't taking already just by
> allowing 127.0.0.1?
Yes, RFC 1122 specifies that 127.0.0.0/8 must not appear outside of a
single host. Checks for this are implemented. For example in FreeBSD:
http://fxr.watson.org/fxr/source/netinet/ip_input.c#L440
http://fxr.watson.org/fxr/search?string=IN_LOOPBACK
Obviously I can't guarantee this for any given OS. However it does seem
like a pretty standard security feature of the IP stack.
In my opinion, adding samehost into the default pg_hba.conf with the
method set to md5 (attached patch) would be both usable and secure.
Cheers,
Stef
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
index cfcd246..ea83d4d 100644
*** a/src/backend/libpq/pg_hba.conf.sample
--- b/src/backend/libpq/pg_hba.conf.sample
***************
*** 75,77 ****
--- 75,79 ----
host all all 127.0.0.1/32 @authmethod@
# IPv6 local connections:
host all all ::1/128 @authmethod@
+ # Host's IPv4 and IPv6 connections:
+ host all all samehost md5