New to PostgreSQL, is this a DoS?

Started by Noname about 27 years ago, 5 messages
#1 Noname
dkelson-list-pgsql-hackers@inconnect.com

Pardon the message, I received no responses in the other pgsql lists I
posted this to.

I'm using a fully updated RedHat 5.1 box

flex version 2.5.4
GNU Bison version 1.25

---------- Forwarded message ----------
Date: Sun, 15 Nov 1998 22:24:58 -0700 (MST)
From: Dax Kelson <dkelson-list-pgsql-admin@inconnect.com>
To: pgsql-admin@postgreSQL.org
Subject: [ADMIN] New to PostgreSQL, is this a DoS?

I compiled and installed 6.4 according to the INSTALL doc.

I created a database with "createdb test",

running as user "postgres", I connected "psql template1" and ran:

CREATE USER billybob WITH PASSWORD hehe CREATEDB CREATEUSER;

I then modified pg_hba.conf by adding:

host all 10.0.0.2 255.255.255.255 crypt

I then killed and restarted postmaster with "-i".

From the remote machine "10.0.0.2" I connected to the database "test" as
user "billybob" and that worked.

However, I had problems trying to create a table.

From that remote machine, I ran:

CREATE TABLE weather (
city varchar(80),
temp_lo int,
temp_hi int,
prcp real,
date date
);

And it supposedly "worked", it said "CREATE". However, running

\d returned

Couldn't find any tables, sequences or indices!

Then from the machine actually running PostgreSQL, as user "postgres" I
connected to "test"

\d returned

Couldn't find any tables, sequences or indices!

So I tried running the CREATE TABLE weather command again, but it
returned:

ERROR: weather relation already exists

but,

\d returned

Couldn't find any tables, sequences or indices!

From remotely as "billybob" or locally as "postgres" I could successfully
drop this phantom table.

Is this a denial of service? A remote user can connect and create as many
phantom tables as they want which could possibly interfere with normal
operation? How would the admin even know the name of the table to drop?

If I connect locally as user "postgres", I can successfully create and
see the table.

Is it normal behaviour that user "postgres" must first create the tables
for them to be useable?

Thanks,
Dax Kelson
Internet Connect, Inc.
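
For the question above of how an admin would learn the name of a relation that \d does not show, an added example (not part of the original post, and not PostgreSQL's own tooling): two catalog queries that list relations and their owners without going through psql's \d. They assume a current PostgreSQL release, where pg_namespace and pg_roles exist; the 6.4 catalogs discussed in this thread differ.

```sql
-- Added example, written for current PostgreSQL catalogs (assumption: not 6.4).

-- 1. Every table, sequence and index outside the system schemas, with owner.
--    The LEFT JOIN keeps a relation in the result even if its owner OID
--    does not resolve to a role name.
SELECT n.nspname  AS schema_name,
       c.relname  AS relation_name,
       c.relkind  AS kind,          -- r = table, S = sequence, i = index
       c.relowner AS owner_oid,
       r.rolname  AS owner_name     -- NULL when no role has this OID
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
LEFT JOIN pg_catalog.pg_roles AS r ON r.oid = c.relowner
WHERE c.relkind IN ('r', 'S', 'i')
  AND n.nspname <> 'information_schema'
  AND n.nspname !~ '^pg_'           -- skip pg_catalog, pg_toast, pg_temp_*
ORDER BY owner_name NULLS FIRST, schema_name, relation_name;

-- 2. Relation count per owner, largest first, to spot one account
--    creating an unusual number of objects.
SELECT coalesce(r.rolname, '(no matching role)') AS owner_name,
       count(*)                                  AS relation_count
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
LEFT JOIN pg_catalog.pg_roles AS r ON r.oid = c.relowner
WHERE c.relkind IN ('r', 'S', 'i')
  AND n.nspname <> 'information_schema'
  AND n.nspname !~ '^pg_'
GROUP BY 1
ORDER BY relation_count DESC, owner_name;
```

pg_class is per-database, so the queries have to be run in each database being checked.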

#2 Hannu Krosing
hannu@trust.ee
In reply to: Noname (#1)
Re: [HACKERS] New to PostgreSQL, is this a DoS?

dkelson-list-pgsql-hackers@inconnect.com wrote:

> Pardon the message, I received no responses in the other pgsql lists I
> posted this to.
>
> I'm using a fully updated RedHat 5.1 box
>
> flex version 2.5.4
> GNU Bison version 1.25
>
> ---------- Forwarded message ----------
> Date: Sun, 15 Nov 1998 22:24:58 -0700 (MST)
> From: Dax Kelson <dkelson-list-pgsql-admin@inconnect.com>
> To: pgsql-admin@postgreSQL.org
> Subject: [ADMIN] New to PostgreSQL, is this a DoS?
>
> I compiled and installed 6.4 according to the INSTALL doc.

Did you do initdb?

Running the new postgres over an old 6.3 database could possibly
explain the strange behaviour you see.

> I created a database with "createdb test",
>
> running as user "postgres", I connected "psql template1" and ran:
>
> CREATE USER billybob WITH PASSWORD hehe CREATEDB CREATEUSER;

Hannu

#3 Vince Vielhaber
vev@michvhf.com
In reply to: Noname (#1)
Re: [HACKERS] New to PostgreSQL, is this a DoS?

On Mon, 16 Nov 1998 dkelson-list-pgsql-hackers@inconnect.com wrote:

> I compiled and installed 6.4 according to the INSTALL doc.
>
> I created a database with "createdb test",
>
> running as user "postgres", I connected "psql template1" and ran:
>
> CREATE USER billybob WITH PASSWORD hehe CREATEDB CREATEUSER;

Still being half asleep and just guessing (without looking it up), does
the CREATEDB CREATEUSER also imply SELECT privileges? IOW, you may
wanna try GRANT.

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev@michvhf.com flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Searchable Campground Listings http://www.camping-usa.com
"There is no outfit less entitled to lecture me about bloat
than the federal government" -- Tony Snow
==========================================================================

#4 Noname
dkelson-list-pgsql-hackers@inconnect.com
In reply to: Vince Vielhaber (#3)
Re: [HACKERS] New to PostgreSQL, is this a DoS?

On Tue, 17 Nov 1998, Vince Vielhaber wrote:

> On Mon, 16 Nov 1998 dkelson-list-pgsql-hackers@inconnect.com wrote:
>
>> I compiled and installed 6.4 according to the INSTALL doc.
>>
>> I created a database with "createdb test",
>>
>> running as user "postgres", I connected "psql template1" and ran:
>>
>> CREATE USER billybob WITH PASSWORD hehe CREATEDB CREATEUSER;
>
> Still being half asleep and just guessing (without looking it up), does
> the CREATEDB CREATEUSER also imply SELECT privileges? IOW, you may
> wanna try GRANT.

From what I've read, you can't GRANT on a database, it has to be on an
object within a database.

It seems it is the chicken and the egg problem.

#5 Vince Vielhaber
vev@michvhf.com
In reply to: Noname (#4)
Re: [HACKERS] New to PostgreSQL, is this a DoS?

On Tue, 17 Nov 1998 dkelson-list-pgsql-hackers@inconnect.com wrote:

> On Tue, 17 Nov 1998, Vince Vielhaber wrote:
>
>> On Mon, 16 Nov 1998 dkelson-list-pgsql-hackers@inconnect.com wrote:
>>
>>> I compiled and installed 6.4 according to the INSTALL doc.
>>>
>>> I created a database with "createdb test",
>>>
>>> running as user "postgres", I connected "psql template1" and ran:
>>>
>>> CREATE USER billybob WITH PASSWORD hehe CREATEDB CREATEUSER;
>>
>> Still being half asleep and just guessing (without looking it up), does
>> the CREATEDB CREATEUSER also imply SELECT privileges? IOW, you may
>> wanna try GRANT.
>
> From what I've read, you can't GRANT on a database, it has to be on an
> object within a database.
>
> It seems it is the chicken and the egg problem.

GRANT ALL TO billybob

That's a GRANT for command permissions which is different from the GRANT
for object permissions that you're thinking of. Sybase supports the
above command I gave, I don't know if PostgreSQL does.

Vince.