From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | freak001(at)mmp(dot)lu (Matthias Schmitt) |
Cc: | pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: [HACKERS] Hacker found bug in Postgres ? |
Date: | 1999-04-27 16:35:39 |
Message-ID: | 199904271635.MAA03863@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> Hello,
>
> this night we discovered here a strange behaviour on our servers. Somebody
> managed to get access to the UNIX shell using the 'postgres' db
> administrator account. He logged in some machines with a single try ! The
> password was not part of any dictionary. He tried some other accounts,
> without success. Under the user postgres he installed an 'eggdrop' program
> on the machine, implementing an IRC server.
>
> If you want to look on your servers, look for an ".elm/..." directory in
> the postgres home directory. You may discover too some processes named
> "./..." or "../ -m" running under the postgres user.
>
> Is there any chanche, that the postgres database contains a bug giving
> shell access ? Is there any chance to trace what happens on the postgres
> port ?
Obviously a serious issue here.
This is the first time in 2.8 years I have heard any security
problem reported about PostgreSQL. There may be some problem, but I
know of no known security problems. Because PostgreSQL is
client/server, client processes run as normal users, and the backends
run as postgres, and there is no way I know of for a normal user to have
a backend run arbitrary code as the postgres user.
--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
From | Date | Subject | |
---|---|---|---|
Next Message | Vince Vielhaber | 1999-04-27 17:00:04 | Re: [HACKERS] Hacker found bug in Postgres ? |
Previous Message | Bruce Momjian | 1999-04-27 16:25:20 | Re: [HACKERS] RE: Mysql comparison |