Re: SCRAM with channel binding downgrade attack
Michael Paquier <michael@paquier.xyz>
Attachments
- channel-binding-libpq.patch (text/x-diff) patch
On Fri, May 18, 2018 at 10:46:46AM +0900, Michael Paquier wrote: > From a security point of view, 1) is important for libpq, but I am not > much enthusiast about 2) as a whole. The backend has proper support for > channel binding, hence other drivers speaking the protocol could have > their own restriction mechanisms. So, I have been playing with libpq to address point 1), and added a new connection parameter called channel_binding_mode which can be set to 'prefer', which is what libpq uses now, and 'require'. The patch has two important parts: 1) If a server does not support channel binding, still it is sending back a SCRAM authentication, but the client still wants to enforce the use of channel binding, then libpq reacts as follows: $ psql -d "dbname=foo channel_binding_mode=require" psql: channel binding required for SASL authentication but no valid mechanism could be selected This requires pg_SASL_init() to be patched after the SASL mechanism has been selected. That error can be triggered with a v10 server with whom a SCRAM authentication is done, as well as with a v11 server where SSL is not used. Some people may use sslmode=prefer in combination to channel_binding_mode=require, in which case an error should be raised if the SSL connection cannot be achieved first. That addresses a bit of the craziness of sslmode=prefer... 2) If client wants to use channel binding, but the server is trying to enforce another protocol than SCRAM, like MD5, trust, gssapi or such, then the following error happens: $ psql -d "dbname=foo channel_binding_mode=require" psql: channel binding required for authentication but no valid protocol are used In this case, it seems to me that the best bet is to patch pg_fe_sendauth() and filter by message types. In the attached, I have added the parameter and some documentation. I have not added tests, but some things could be tested in the SSL suite: - Check for incorrect values in the parameter. - Test connection without SCRAM with "require" - Test connection without SSL but SCRAM with "require" I have not put much thoughts into the documentation, but the patch is rather simple so hopefully that helps in making progress in the discussion. -- Michael
Commits
-
doc: update PG 11 release notes
- 6eb612fea9d0 12.0 cited
-
Fix misspelled pg_trgm contrib name in PostgreSQL 11 release notes
- 3abc5a67edfd 12.0 landed
-
Doc: clarify release note text about v11's new window function features.
- 510421c45fb4 11.0 landed
- 11a3aeeb5e17 12.0 landed
-
Improve wording of release notes item
- bee6a683a5c3 11.0 landed
-
Fix typos in release notes
- fb6accd27b99 11.0 landed
-
Doc: preliminary list of PG11 major features.
- 4aad161c9a6d 11.0 landed
-
Make numeric power() handle NaNs according to the modern POSIX spec.
- d1fc750b5199 11.0 landed
-
Various improvements of skipping index scan during vacuum technics
- 8e12f4a250d2 11.0 cited
-
Revert back-branch changes in power()'s behavior for NaN inputs.
- f74d83b3034f 10.4 cited
-
Avoid wrong results for power() with NaN input on more platforms.
- 6bdf1303b34b 11.0 cited
-
Avoid wrong results for power() with NaN input on some platforms.
- 61b200e2f582 11.0 cited
-
Skip full index scan during cleanup of B-tree indexes when possible
- 857f9c36cda5 11.0 cited
-
Rewrite the code that applies scan/join targets to paths.
- 11cf92f6e2e1 11.0 cited
-
Postpone generate_gather_paths for topmost scan/join rel.
- 3f90ec8597c3 11.0 cited
-
Add casts from jsonb
- c0cbe00fee6d 11.0 cited
-
Make plpgsql use its DTYPE_REC code paths for composite-type variables.
- 4b93f57999a2 11.0 cited
-
Don't allow VACUUM VERBOSE ANALYZE VERBOSE.
- 921059bd66c7 11.0 cited
-
Pass InitPlan values to workers via Gather (Merge).
- e89a71fb449a 11.0 cited
-
Account for the effect of lossy pages when costing bitmap scans.
- 5edc63bda68a 11.0 cited
-
Allow no-op GiST support functions to be omitted.
- d3a4f89d8a3e 11.0 cited
-
Rearm statement_timeout after each executed query.
- f8e5f156b30e 11.0 cited
-
Push limit through subqueries to underlying sort, where possible.
- 1f6d515a67ec 11.0 cited