

Re: msql access control (fwd)



Christian Hudon writes:
> Does our msql package follow the recommendations made in this message?

2/3 yes

> I was reviewing the access control mechanisms in the mSQL database
> (http://www.hughes.com.au/) and made the following observations:
> 
> 1) When doing a "make install" of msql, no msql.acl access control list
> file is installed.  When the database server is started without an ACL
> file, it prints a warning, and then starts with all databases world
> readable and writable.  If the server is on the Internet, the entire
> Internet has read/write access to the databases.

I have written a default msql.acl file which gets installed by the
debian package.  Its default is to allow read access to any database
from the local host and only allow write access from the user msql.

Here it is:

database=*
read=*
write=msql
access=local

> 2) When an ACL file is used, one form of authentication is by username.
> The msql server accepts the username from the client and does no
> authentication on it whatsoever.  Thus, if an msql server which used
> username access control were accessible from a multiuser host,
> unauthorized users on that host could access the database by simply
> knowing the login name of an authorized user.

I have included ident lookup of the username.

> 3) The other form of authentication used is hostname.  The msql server
> does a lookup on the IP address of the client, but does not
> subsequently do a lookup of the resulting hostname to verify it.
> Hence, host name authentication is trivially defeated.  This problem
> was previously described in an SNI advisory
> (ftp://ftp.secnet.com/pub/advisories/SNI-17.MSQL.advisory), and SNI has
> made patches available to address this problem (and others) for msql
> version 2, but no such patches seem to exist for msql version 1.

I still need to include such a patch.  If there is one for msql 2
it should not be too hard to develop one for msql 1.  Maybe I'll
release an msql 2 first so this gets obsoleted.

> Conclusions:  install an msql.acl file; don't use username
> authentication; disable remote access (set 'access=local' in msql.acl)

NB: impossible for me, I'm working on several different database
servers and I only access them from another machine.

Regards

	Joey

-- 
  / Martin Schulze  *  joey@infodrom.north.de  *  26129 Oldenburg /
 / Germany.Net is comparable to a telephone                      /
/          without a dial or a bell... -- Lutz Donnerhacke      /
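An added example, not part of the message above and not msql's own code: point 3 of the forwarded review is that the server trusts the hostname returned by a reverse lookup of the client address without checking that the name resolves back to that address, so a PTR record published for an unrelated address can name an allowed host. The Python below performs that forward confirmation before a host-based ACL decision. The resolver functions are injectable, and the addresses and names in the constructed DNS tables are assumptions used so the example runs offline; the system_* functions show the real lookups.

```python
"""Forward-confirmed reverse DNS for host-based access control.

Only trust a client's hostname when the name obtained from the PTR lookup
resolves forward to the address that actually connected.
"""
import ipaddress
import socket
from typing import List, Optional

# Constructed DNS data for the offline demonstration (assumed values, not
# real records). 198.51.100.7 has a PTR pointing at the allowed name, but
# the name does not resolve back to it; 203.0.113.5 has no PTR at all.
CONSTRUCTED_PTR = {
    "192.0.2.10": "db-client.example.net",    # genuine client
    "198.51.100.7": "db-client.example.net",  # PTR controlled elsewhere
}
CONSTRUCTED_A = {
    "db-client.example.net": ["192.0.2.10"],
}


def constructed_reverse(ip: str) -> Optional[str]:
    """Offline stand-in for a PTR lookup."""
    return CONSTRUCTED_PTR.get(ip)


def constructed_forward(name: str) -> List[str]:
    """Offline stand-in for an A/AAAA lookup."""
    return CONSTRUCTED_A.get(name, [])


def system_reverse(ip: str) -> Optional[str]:
    """Real PTR lookup through the system resolver; None if absent."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / gaierror are OSError subclasses
        return None


def system_forward(name: str) -> List[str]:
    """Real forward lookup; every address the name resolves to."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def confirmed_hostname(ip, reverse=system_reverse, forward=system_forward):
    """Return the client's hostname only if it is forward-confirmed.

    Returns None for an unparsable address, a missing PTR, or a PTR whose
    name does not resolve back to the connecting address.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    name = reverse(str(addr))
    if not name:
        return None
    forward_addrs = set()
    for candidate in forward(name):
        try:
            forward_addrs.add(ipaddress.ip_address(candidate))
        except ValueError:  # e.g. scoped IPv6 literal; ignore
            continue
    if addr not in forward_addrs:
        return None
    return name.rstrip(".").lower()


def host_allowed(ip, allowed_hosts, reverse=system_reverse,
                 forward=system_forward) -> bool:
    """ACL decision on the confirmed hostname; unconfirmed clients fail."""
    name = confirmed_hostname(ip, reverse, forward)
    if name is None:
        return False
    return name in {h.rstrip(".").lower() for h in allowed_hosts}


if __name__ == "__main__":
    for client in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        ok = host_allowed(client, ["db-client.example.net"],
                          constructed_reverse, constructed_forward)
        print(client, "allowed" if ok else "denied")
```

Note that even a confirmed hostname is only as trustworthy as the DNS path between the server and the zones involved; the check closes the specific gap described in the advisory, not DNS spoofing in general.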


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .