From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Tomasz Olszak <tolszak(at)o2(dot)pl>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Problem with accesing Oracle from plperlu function when using remote pg client. |
Date: | 2009-03-17 18:45:39 |
Message-ID: | 20090317184538.GA3397@svana.org |
Lists: | pgsql-hackers |
On Mon, Mar 16, 2009 at 08:50:36PM -0400, Tom Lane wrote:
> Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> writes:
> > Hmm, I wonder if you could do something malicious with it.
>
> There are any number of scenarios where exposing the client command-line
> contents to other database users represents a security hole, quite
> independently of whether anything falls over depending on the line
> contents. (I wonder whether there are any Oracle clients that accept
> a password on the command line, for instance.)
Note that you're talking about the whole command line, whereas Oracle
apparently talks about the "program name" (argv[0]). Normally the
command line in memory has NUL characters between the arguments, with
the part to the first NUL being the program name, like so:
# cat /proc/3793/cmdline |hexdump -C
00000000 2f 73 62 69 6e 2f 64 68 63 6c 69 65 6e 74 00 2d |/sbin/dhclient.-|
00000010 31 00 2d 6c 66 00 2f 76 61 72 2f 6c 69 62 2f 64 |1.-lf./var/lib/d|
^^ ^^
Whereas PostgreSQL, in munging its command line, uses *spaces* between
each bit, meaning that anyone looking for the "program name" (argv[0])
is going to get the whole line. Example:
# cat /proc/4472/cmdline |hexdump -C
00000000 70 6f 73 74 67 72 65 73 3a 20 77 72 69 74 65 72 |postgres: writer|
00000010 20 70 72 6f 63 65 73 73 20 20 20 00 00 00 00 00 | process .....|
^^ ^^ ^^
Maybe someone could check if replacing the first space with a NUL
works. It shouldn't affect the ps output.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.
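
The difference described in the message above, as an added example that is not part of the original e-mail or of PostgreSQL's code. The two buffers are constructed from the first 32 bytes of the hexdumps in the message; the function names and the ps-style renderer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DUMP_LEN 32
/* Constructed sample data: the 32 bytes shown in each hexdump of the message. */
static const unsigned char DHCLIENT[DUMP_LEN + 1] = "/sbin/dhclient\0-1\0-lf\0/var/lib/d";
static const unsigned char PG_TITLE[DUMP_LEN + 1] = "postgres: writer process   ";

/* Length of the "program name": every byte before the first NUL. */
size_t program_name_len(const unsigned char *buf, size_t len) {
    const unsigned char *nul = memchr(buf, 0, len);
    return nul ? (size_t)(nul - buf) : len;
}

/* The change suggested in the message: overwrite the first space with NUL.
   Returns the offset that was changed, or -1 if the buffer has no space. */
long nul_first_space(unsigned char *buf, size_t len) {
    unsigned char *sp = memchr(buf, ' ', len);
    if (!sp) return -1;
    *sp = 0;
    return (long)(sp - buf);
}

/* Simplified model (assumption) of a ps-style display: NUL separators are
   shown as spaces and trailing padding is dropped. out holds len + 1 bytes. */
size_t render_for_display(const unsigned char *buf, size_t len, char *out) {
    size_t n = len;
    while (n > 0 && (buf[n - 1] == 0 || buf[n - 1] == ' ')) n--;
    for (size_t i = 0; i < n; i++) out[i] = buf[i] ? (char)buf[i] : ' ';
    out[n] = '\0';
    return n;
}

int main(void) {
    unsigned char pg[DUMP_LEN + 1];
    char before[DUMP_LEN + 1], after[DUMP_LEN + 1];
    memcpy(pg, PG_TITLE, sizeof pg);
    printf("dhclient program name: %zu bytes\n", program_name_len(DHCLIENT, DUMP_LEN));
    printf("postgres program name: %zu bytes\n", program_name_len(pg, DUMP_LEN));
    render_for_display(pg, DUMP_LEN, before);
    nul_first_space(pg, DUMP_LEN);
    render_for_display(pg, DUMP_LEN, after);
    printf("after change: %.*s\n", (int)program_name_len(pg, DUMP_LEN), (const char *)pg);
    printf("display unchanged: %s\n", strcmp(before, after) == 0 ? "yes" : "no");
    return 0;
}
```

With the first space replaced, a reader that stops at the first NUL sees `postgres:` (colon included) instead of the full 27-byte title, while the space-joined display string stays the same.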