Re: Bug#95818: libpgsql2.1: should not depend on ident-server
>>>>> "Oliver" == Oliver Elphick <olly@lfix.co.uk> writes:
Oliver> It is indeed the case that ident is needed to allow local
Oliver> access without a password. I understand that this
Oliver> presents a small security risk on the server. However,
Oliver> without it, it is necessary for the postgres
Oliver> administrator's database password to be held in clear in
Oliver> some file, so that the automatic clean-up processes will
Oliver> be able to operate.
Could be a disaster on some systems. I think some ident servers, like
oidentd, allow individual users to customise their own responses:
[...]
       -s      Allow identd reply spoofing.  In order for a non-root user to
               spoof its identd reply, the username must be listed in
               /etc/identd.spoof.  The spoofed reply can optionally be
               specified in the /etc/identd.spoof file.  For example, if
               "user:string" were an entry in /etc/identd.spoof, any
               successful lookups for "user" would result in the reply
               "string" being returned.  If the reply is not specified in
               the /etc/identd.spoof file, the spoofed reply will be read
               from an .ispoof file in the user's home directory.  If a
               user is not allowed to spoof identd replies or there is an
               error reading the .ispoof file, if the -r flag has been
               passed to identd, a randomized identd reply will be
               returned.  If not, the user's username will be returned.
               Non-root users are allowed to spoof identd replies on ports
               greater than 1023.  Non-root users may spoof identd replies
               on all ports if the -A option is specified.

       -S      Same as '-s' but allow all users to spoof identd replies
               except for those users listed in the /etc/identd.spoof
               file.
[...]
       $HOME/.ispoof
               File containing username to return when oidentd is run
               with the -s flag.
[note: the above requires careful reading; in order to enable non-root
spoofing you have to pass -s *and* put the user in the
/etc/identd.spoof file *without* a reply; -S is different]
This isn't something I like (read: hate), but I am bringing it up
because it could be a serious security hole when used by programs like
postgresql.
--
Brian May <bam@debian.org>
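To make the risk in the quoted man page concrete, here is an added example (not oidentd's code, and not part of the original mail) that models the -s, -S, -r and -A semantics described above and reports which local accounts could present a username other than their own to a service that trusts ident, such as PostgreSQL. The spoof-file text and ~/.ispoof contents in the test are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass
class OidentdFlags:
    spoof_listed: bool = False          # -s: only users in /etc/identd.spoof may spoof
    spoof_all_but_listed: bool = False  # -S: everyone except listed users may spoof
    random_on_error: bool = False       # -r: random reply when spoofing is refused/fails
    low_ports: bool = False             # -A: non-root may also spoof on ports <= 1023


def parse_spoof_file(text: str) -> Dict[str, Optional[str]]:
    """Parse /etc/identd.spoof: one 'user' or 'user:reply' per line."""
    entries: Dict[str, Optional[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, _, reply = line.partition(":")
        entries[user] = reply or None   # None: reply is read from ~/.ispoof
    return entries


def effective_reply(user: str, local_port: int, flags: OidentdFlags,
                    spoof: Dict[str, Optional[str]],
                    ispoof: Dict[str, Optional[str]]) -> str:
    """Username the ident reply carries for a connection owned by `user`.
    `ispoof` maps user -> contents of $HOME/.ispoof (None = unreadable).
    Client ports are ephemeral (> 1023), so the port rule does not protect
    a server such as PostgreSQL from a local user who may spoof."""
    listed = user in spoof
    allowed = ((flags.spoof_listed and listed)
               or (flags.spoof_all_but_listed and not listed))
    if user != "root" and local_port <= 1023 and not flags.low_ports:
        allowed = False
    reply = None
    if allowed:   # fixed reply from the spoof file wins, else ~/.ispoof
        reply = spoof.get(user) or (ispoof.get(user) or "").strip() or None
    if reply is None:   # not allowed, or .ispoof missing/empty
        return "<random>" if flags.random_on_error else user
    return reply


def spoofers(users: Iterable[str], flags: OidentdFlags, spoof, ispoof,
             port: int = 40000) -> Dict[str, str]:
    """Users whose ident reply would not be their own account name."""
    replies = {u: effective_reply(u, port, flags, spoof, ispoof) for u in users}
    return {u: r for u, r in replies.items() if r != u}
```

With the defaults (no -s/-S) the audit returns an empty map, which is the configuration an ident-trusting PostgreSQL setup has to insist on.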