Bug 51583 - Postgresql binds to all IP addresses by default
Summary: Postgresql binds to all IP addresses by default
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: postgresql
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrxd
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-08-12 18:47 UTC by Graham Leggett
Modified: 2007-04-18 16:35 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-08-12 18:47:51 UTC
Embargoed:

Attachments (Terms of Use)

Description Graham Leggett 2001-08-12 18:47:47 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.7 ppc)

Description of problem:
Using the default configuration of postgresql, the postmaster daemon binds
to port 5432 on all IP addresses. This behavior cannot be changed, which
makes hardening a box with postgresql installed on it impossible.

From the postmaster daemon man page, the daemon will only bind using tcp
sockets if the -i flag is passed (the default being unix domain sockets).
Nowhere in the startup script has a -i been passed, which suggests that
Redhat has patched postgresql to override the default secure behavior.

In addition, it seems impossible to tell postgresql to bind to a specific
IP address, making the default installation impossible to secure if the use
of tcp sockets is necessary.


How reproducible:
Always

Steps to Reproduce:
1. Install postgresql
2. Use nmap to scan all ports - port 5432 on all IP addresses is open


Additional info:
Comment 1 Trond Eivind Glomsrxd 2001-08-13 00:41:23 UTC 
It was not patched in any such way, which you can easily verify by looking at
the SRPM.

I can not reproduce it (a newer version, but no config changes affecting this
has been made) either - also, note that you don't need "-i". You can configure
it in /var/lib/pgsql/data/postgresql.conf with the same result.

Finally, of course you can harden it - ipchains shot work just fine, if the app
in question doesn't support binding to just one address. If you want that
changed, suggest it on the postgresql-general mailing list.
Comment 2 Graham Leggett 2001-08-13 08:05:30 UTC 
> It was not patched in any such way, which you can easily verify by looking at
> the SRPM.

Was the /etc/rc.d/init.d/postgresql script written by the postgresql people or
by redhat? Whoever wrote it defaulted the server startup to "wide open".

>  I can not reproduce it (a newer version, but no config changes affecting this
>  has been made) either - also, note that you don't need "-i". You can
configure
> it in /var/lib/pgsql/data/postgresql.conf with the same result.

I can find no mention of this config file in any of the docs, nor is there an
example config anywhere in the package.

To reproduce it, install postgresql, start up the server, create a database, do
an nmap scan - port 5432 will be open on all IP addresses.

> Finally, of course you can harden it - ipchains shot work just fine, if the
app
> in question doesn't support binding to just one address. If you want that
> changed, suggest it on the postgresql-general mailing list.

ipchains is a bandaid - the port should not be open in the first place.
Note You need to log in before you can comment on or make changes to this bug.