| From: | Oliver Elphick <olly(at)lfix(dot)co(dot)uk> |
|---|---|
| To: | Suporte <Suporte(at)wwrent(dot)com(dot)br> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: The " \! " and " \l " commands |
| Date: | 2002-02-01 21:54:07 |
| Message-ID: | 1012600452.3182.71.camel@linda |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2002-02-01 at 21:11, Peter Eisentraut wrote:
> You could start the psql program with SHELL=/bin/false in the environment.
I just experimented with that; it doesn't stop you doing "\! sh". Do we
need a psql equivalent of rbash (restricted Bash shell)?
You will probably have to run psql in a severely restricted chroot
environment; or tweak the code of psql to eliminate the various
loopholes (\!, \g, \o).
Perhaps instead you should look into IP-tunnelling into the PostgreSQL
server through ssh. I think your aim should be not to run psql on the
server at all.
--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
"And be not conformed to this world; but be ye
transformed by the renewing of your mind, that ye may
prove what is that good, and acceptable, and perfect,
will of God." Romans 12:2
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-02-01 21:56:42 | Array slice subscripts (was Re: [SQL] plpgsql function with more than one array argument) |
| Previous Message | Frank Wiles | 2002-02-01 21:28:19 | TODO Perl documentation question |