Re: [HACKERS] Hacker found bug in Postgres ?

> Hello,
>
> this night we discovered here a strange behaviour on our servers. Somebody
> managed to get access to the UNIX shell using the 'postgres' db
> administrator account. He logged in some machines with a single try ! The
> password was not part of any dictionary. He tried some other accounts,
> without success. Under the user postgres he installed an 'eggdrop' program
> on the machine, implementing an IRC server.
>
> If you want to look on your servers, look for an ".elm/..." directory in
> the postgres home directory. You may discover too some processes named
> "./..." or "../ -m" running under the postgres user.
>
> Is there any chanche, that the postgres database contains a bug giving
> shell access ? Is there any chance to trace what happens on the postgres
> port ?

Obviously a serious issue here.

This is the first time in 2.8 years I have heard any security
problem reported about PostgreSQL. There may be some problem, but I
know of no known security problems. Because PostgreSQL is
client/server, client processes run as normal users, and the backends
run as postgres, and there is no way I know of for a normal user to have
a backend run arbitrary code as the postgres user.

--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026