[BUGS] BUG #4339: The postgreSQL service stops abnormally

2008-08-04 Thread Bhaskar Sirohi

The following bug has been logged online:

Bug reference:  4339
Logged by:  Bhaskar Sirohi
Email address:  [EMAIL PROTECTED]
PostgreSQL version: 8.3.3
Operating system:   Windows 2003 Server
Description:        The postgreSQL service stops abnormally
Details: 

Hi All,

The postgreSQL service stops abnormally, I can't restart it until I enter the
password for the \postgre login account. Once I do that, everything is fine
again.

Below are the snaps of pg_logs

2008-07-29 09:14:46 EDT LOG:  database system was interrupted; last known up
at 2008-07-28 23:13:20 EDT
2008-07-29 09:14:46 EDT LOG:  database system was not properly shut down;
automatic recovery in progress
2008-07-29 09:14:46 EDT LOG:  record with zero length at 2/D0E47B88
2008-07-29 09:14:46 EDT LOG:  redo is not required
2008-07-29 09:14:46 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-29 09:14:46 EDT FATAL:  the database system is starting up
2008-07-29 09:14:46 EDT LOG:  database system is ready to accept
connections
2008-07-29 09:14:46 EDT LOG:  autovacuum launcher started
2008-07-29 09:14:47 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-29 09:15:29 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-29 16:26:19 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-29 16:41:03 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-29 16:50:57 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-29 16:51:27 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-29 17:30:13 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"


2008-07-30 03:03:44 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-30 05:35:15 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-30 10:27:35 EDT LOG:  loaded library
"$libdir/plugins/plugin_debugger.dll"
2008-07-30 15:05:01 EDT LOG:  checkpoints are occurring too frequently (28
seconds apart)
2008-07-30 15:05:01 EDT HINT:  Consider increasing the configuration
parameter "checkpoint_segments".
2008-07-30 15:13:34 EDT LOG:  checkpoints are occurring too frequently (29
seconds apart)
2008-07-30 15:13:34 EDT HINT:  Consider increasing the configuration
parameter "checkpoint_segments".
2008-07-30 15:18:50 EDT LOG:  checkpoints are occurring too frequently (28
seconds apart)
2008-07-30 15:18:50 EDT HINT:  Consider increasing the configuration
parameter "checkpoint_segments".
2008-07-30 15:19:21 EDT LOG:  received fast shutdown request
2008-07-30 15:19:21 EDT LOG:  aborting any active transactions
2008-07-30 15:19:21 EDT ERROR:  canceling statement due to user request
2008-07-30 15:19:21 EDT STATEMENT:  COMMIT
2008-07-30 15:19:21 EDT ERROR:  canceling statement due to user request
2008-07-30 15:19:21 EDT STATEMENT:  ROLLBACK
2008-07-30 15:19:21 EDT ERROR:  current transaction is aborted, commands
ignored until end of transaction block
2008-07-30 15:19:21 EDT STATEMENT:  SELECT type, cino, ctime FROM folder
WHERE ino = 2 AND name = 'Michael H. Modee' AND dtime = 0
2008-07-30 15:19:21 EDT ERROR:  current transaction is aborted, commands
ignored until end of transaction block
2008-07-30 15:19:21 EDT STATEMENT:  SELECT type, cino, ctime FROM folder
WHERE ino = 2 AND name = 'Michael H. Modee' AND dtime = 0
2008-07-30 15:19:21 EDT ERROR:  canceling autovacuum task
2008-07-30 15:19:21 EDT CONTEXT:  automatic analyze of table
"notebookbkp.public.bmap"
2008-07-30 15:19:21 EDT FATAL:  terminating connection due to administrator
command
2008-07-30 15:19:21 EDT FATAL:  terminating connection due to administrator
command
2008-07-30 15:19:21 EDT LOG:  autovacuum launcher shutting down
2008-07-30 15:19:24 EDT LOG:  shutting down
2008-07-30 15:19:24 EDT LOG:  database system is shut down

-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs


[BUGS] BUG #4340: SECURITY: Is SSL Doing Anything?

2008-08-04 Thread Dan Kaminsky

The following bug has been logged online:

Bug reference:  4340
Logged by:  Dan Kaminsky
Email address:  [EMAIL PROTECTED]
PostgreSQL version: 7.3
Operating system:   Any
Description:        SECURITY:  Is SSL Doing Anything?
Details: 

http://www.google.com/codesearch?hl=en&q=verify_cb+package:http://ring.atr.jp/archives/misc/db/postgresql-jp/7.3beta/postgresql-7.3b1.tar.gz+show:T2MIh9GrfhE:LRGuIfOPoEk:-Eemn4ZpAKY&sa=N&cd=1&ct=rc&cs_p=http://ring.atr.jp/archives/misc/db/postgresql-jp/7.3beta/postgresql-7.3b1.tar.gz&cs_f=postgresql-7.3b1/src/interfaces/libpq/fe-secure.c#l355

/*
 *  Certificate verification callback
 *
 *  This callback allows us to log intermediate problems during
 *  verification, but there doesn't seem to be a clean way to get
 *  our PGconn * structure.  So we can't log anything!
 *
 *  This callback also allows us to override the default acceptance
 *  criteria (e.g., accepting self-signed or expired certs), but
 *  for now we accept the default checks.
 */
static int
verify_cb(int ok, X509_STORE_CTX *ctx)
{
    return ok;
}


---

Clearly, this is handling self-signed certs.  Great.  But what I really want
to know is, is verify_peer accepting a self-signed identity assertion? 
Because that'd be remote EoP.



Re: [BUGS] BUG #4340: SECURITY: Is SSL Doing Anything?

2008-08-04 Thread Tom Lane
"Dan Kaminsky" <[EMAIL PROTECTED]> writes:
> Clearly, this is handling self-signed certs.  Great.  But what I really want
> to know is, is verify_peer accepting a self-signed identity assertion? 
> Because that'd be remote EoP.

I'm just guessing what you're driving at (unexplained acronyms aren't
a good way to communicate), but I think it's not a big problem.  PG
doesn't rely on SSL for authentication, only for communications
security, so whether the remote cert is self-signed doesn't seem
like much of an issue.  Anyway, you can adjust your list of trusted
CAs to determine whether you'll accept it or not.

regards, tom lane



Re: [BUGS] BUG #4340: SECURITY: Is SSL Doing Anything?

2008-08-04 Thread Dan Kaminsky



Tom Lane wrote:
> "Dan Kaminsky" <[EMAIL PROTECTED]> writes:
>> Clearly, this is handling self-signed certs.  Great.  But what I really want
>> to know is, is verify_peer accepting a self-signed identity assertion?
>> Because that'd be remote EoP.
>
> I'm just guessing what you're driving at (unexplained acronyms aren't
> a good way to communicate), but I think it's not a big problem.  PG
> doesn't rely on SSL for authentication, only for communications
> security, so whether the remote cert is self-signed doesn't seem
> like much of an issue.  Anyway, you can adjust your list of trusted
> CAs to determine whether you'll accept it or not.
>
> regards, tom lane
  

Heh Tom,

   Thanks for replying so quickly.  It's definitely appreciated.

   Apologies, EoP = Escalation of Privilege.  I've been up all night.

   Let's talk about the verify_cb callback first:  Suppose there's a 
man-in-the-middle between the PG client and the PG server.  Is some 
secondary force going to apply some Trusted CA list?


   Second, are you saying verify_peer doesn't do anything for 
authentication?  Are you sure about that?  There's really little reason 
otherwise for the call to exist.


--Dan






Re: [BUGS] BUG #4340: SECURITY: Is SSL Doing Anything?

2008-08-04 Thread Tom Lane
Dan Kaminsky <[EMAIL PROTECTED]> writes:
> Let's talk about the verify_cb callback first:  Suppose there's a 
> man-in-the-middle between the PG client and the PG server.  Is some 
> secondary force going to apply some Trusted CA list?

I'm not sure why we have verify_cb at all -- so far as I can see,
it just specifies the same behavior as OpenSSL's default.  Are
you saying that OpenSSL's default verification behavior is broken?

> Second, are you saying verify_peer doesn't do anything for 
> authentication?  Are you sure about that?  There's really little reason 
> otherwise for the call to exist.

Er, we don't *have* a verify_peer callback.

regards, tom lane
