From: | Hadley Willan <hadley(dot)willan(at)deeperdesign(dot)co(dot)nz> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Postgresql General <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Why are absolute paths considered a security risk? |
Date: | 2003-02-26 01:07:12 |
Message-ID: | 1046221632.1595.3.camel@atlas.sol.deeper.co.nz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Okay, this is fairly minor, and in our situation non-existant
considering that the only user capable of creating databases is
postgres.
Thanks for your help.
Hadley
On Wed, 2003-02-26 at 13:31, Tom Lane wrote:
> Hadley Willan <hadley(dot)willan(at)deeperdesign(dot)co(dot)nz> writes:
> > The documentation (7.2.1) mentions that allowing absolute paths when
> > creating a db is a security risk and is off by default.
> > However, it seems fairly hard to exploit, and I was wondering if anybody
> > has any examples of how much of a risk this is?
> > Reason I ask is we're considering turning them on in our server and want
> > to consider these risks.
>
> The difficulty is that someone who is allowed to create databases (but
> isn't necessarily a superuser) will be able to cause the backend to
> scribble in any directory that the postgres user has write access to.
> The potential damage is somewhat limited since "base/DBOID" gets tacked
> onto the user-specified string, and the user has little if any control
> over the DBOID part. Still, it's a risk.
>
> regards, tom lane
--
Hadley Willan > Systems Development > Deeper Design Limited. +64(7)377-3328
hadley(dot)willan(at)deeperdesign(dot)co(dot)nz > www.deeperdesign.com > +64(21)-28-41-463
Level 1, 4 Tamamutu St, PO Box 90, TAUPO 2730, New Zealand.
From | Date | Subject | |
---|---|---|---|
Next Message | Joseph Shraibman | 2003-02-26 01:16:47 | Re: How do I change the server encoding? |
Previous Message | Andrew Bartley | 2003-02-26 00:59:07 | WITHOUT OIDS |