Re: Why does Postgres need the /bin/sh?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Amadei <amadei(at)dandy(dot)net>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: Why does Postgres need the /bin/sh?
Date: 2002-05-04 14:53:55
Message-ID: 26941.1020524035@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Stephen Amadei <amadei(at)dandy(dot)net> writes:
> However, if someone was to know that Postgres needs a /bin/rm, an exploit
> could be created that runs /bin/rm instead of /bin/sh and trashes the
> databases postgres owns. Of course, this is a big IF. ;-)

The attacker won't be able to do any of this unless he's already managed
to connect to the database, no? There are much easier ways to zap your
data at the SQL level. Sorry but I'm having a hard time getting excited
about this proposition...

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Stephen Amadei 2002-05-05 01:18:02 Re: 7.2.1 segfaults.
Previous Message Tom Lane 2002-05-04 14:48:47 Re: 7.2.1 segfaults.