| From: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Fwd: init scripts and su |
| Date: | 2004-08-06 04:57:08 |
| Message-ID: | 41130FA4.1040902@familyhealth.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>>During the time between the daemon launch and it closing it's file
>>handles and calling setsid(2) (which some daemons don't do because
>>they are buggy) any other code running in the same UID could take over
>>the process via ptrace, fork off a child process that inherits the
>>administrator tty, and then stuff characters into the keyboard buffer
>>with ioctl(fd,TIOCSTI,&c) (*).
>
>
> (a) And there would be untrusted code running as postgres exactly why?
>
> (b) Seems to me the real security bug here is the mere existence of that
> ioctl call.
I was asked on IRC just why we can't have user=postgres and
group=postgres in the postgresql.conf, and simply when we are run as
root, switch to that user and group.
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-08-06 05:02:37 | Re: pgxs: build infrastructure for extensions v4 |
| Previous Message | Christopher Kings-Lynne | 2004-08-06 04:53:00 | Re: 8.0 beta status |