Security hole in PL/pgSQL

From: Jan Wieck <janwieck(at)Yahoo(dot)com>
To: PostgreSQL HACKERS <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Security hole in PL/pgSQL
Date: 2001-01-29 15:07:27
Message-ID: 200101291507.KAA03199@jupiter.greatbridge.com
Lists: pgsql-hackers

Damn,

the new EXECUTE command in PL/pgSQL is a security hole.
PL/pgSQL is a trusted procedural language, meaning that
regular users can write code in it. With the new EXECUTE
command, someone could read and write arbitrary files under
the postgres UNIX-userid using the COPY command.

So it's easy to overwrite the hba config file for regular
users. I think we have to restrict the usage of EXECUTE
inside of functions to DB superusers. Meaning, the owner of
the function using EXECUTE must be a superuser, not the actual
invoker.

More damned - PL/Tcl has always had the same functionality.
And there it isn't that easy to restrict, since it has a much
more generalized SPI interface. What do we do in this case?

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #

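The combination Jan describes is: a trusted procedural language (anyone may write functions in it), dynamic SQL inside the function (EXECUTE in PL/pgSQL, spi_exec in PL/Tcl), and a statement such as COPY that touches files as the server's operating-system user. The audit query below is an added example, not part of the original mail or of the PostgreSQL project; it lists functions in those two languages whose body contains a dynamic-SQL call and whose owner is not a superuser, which is exactly the combination the mail proposes to forbid. It assumes a modern catalog layout (pg_proc, pg_language.lanpltrusted, pg_roles.rolsuper, pg_proc.prosecdef), not the 7.1-era catalogs of 2001.

```sql
-- Added audit query (assumption: modern PostgreSQL system catalogs).
-- Finds functions in trusted PL/pgSQL or PL/Tcl that build SQL at run time
-- (EXECUTE / spi_exec) and are owned by a non-superuser role.
SELECT n.nspname  AS schema_name,
       p.proname  AS function_name,
       l.lanname  AS language,
       r.rolname  AS owner,
       r.rolsuper AS owner_is_superuser,
       p.prosecdef AS security_definer   -- runs with owner's rights, not the caller's
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_roles     r ON r.oid = p.proowner
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanpltrusted                      -- only "trusted" languages are open to regular users
  AND (
        (l.lanname = 'plpgsql' AND p.prosrc ~* '\mEXECUTE\M')   -- PL/pgSQL dynamic SQL
     OR (l.lanname = 'pltcl'   AND p.prosrc ~* 'spi_exec')      -- PL/Tcl SPI call
      )
  AND NOT r.rolsuper                      -- the mail's rule: owner must be a superuser
ORDER BY 1, 2;
```

`\m` and `\M` are PostgreSQL's regex word-boundary anchors, so `EXECUTE` is matched as a whole word rather than inside identifiers. The `security_definer` column is included because, in current releases, COPY to or from a server file already requires superuser (or membership in the pg_read_server_files / pg_write_server_files roles) regardless of which function issues it; the rows to read most carefully are therefore SECURITY DEFINER functions that interpolate caller-supplied text into the statement they EXECUTE.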
