| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr> |
| Cc: | Dave Page <dpage(at)pgadmin(dot)org>, Hannu Krosing <hannu(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Steven Citron-Pousty <spousty(at)redhat(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, "shifters(at)redhat(dot)com shifters" <shifters(at)redhat(dot)com>, Matthew Hicks <mhicks(at)redhat(dot)com>, Hirotsugu Asari <hasari(at)redhat(dot)com>, Adam Miller <admiller(at)redhat(dot)com> |
| Subject: | Re: Feature Request on Extensions |
| Date: | 2013-08-19 23:42:50 |
| Message-ID: | 20130819234250.GF9087@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 19, 2013 at 11:44:36PM +0200, Dimitri Fontaine wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
> > That's pretty vague. Exactly what does "keys to the kingdom" mean? If
> > it means you can do anything to the database, you are right. If it
> > means executing arbitrary code, including arbitrary kernel calls, I
> > would like to hear how that is done.
>
> You've now heard about one way to do that in an off-list email, so that
> it's not in our public archives for any malicious user to find it.
Yes, agreed. FYI, the method I listed above is public and was
discovered on an exploit website.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2013-08-20 00:17:26 | Re: ALTER SYSTEM SET command to change postgresql.conf parameters (RE: Proposal for Allow postgresql.conf values to be changed via SQL [review]) |
| Previous Message | Tom Lane | 2013-08-19 23:41:13 | Re: danger of stats_temp_directory = /dev/shm |