Re: \gsetenv

From: David Fetter <david(at)fetter(dot)org>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: \gsetenv
Date: 2020-12-20 23:34:15
Message-ID: 20201220233414.GG13234@fetter.org
Lists: pgsql-hackers

On Sun, Dec 20, 2020 at 10:42:40PM +0200, Heikki Linnakangas wrote:
> On 20/12/2020 21:05, David Fetter wrote:
> > We have plenty of ways to spawn shells and cause havoc, and we
> > wouldn't be able to block them all even if we decided to put a bunch
> > of pretty onerous restrictions on psql at this very late date. We have
> > \set, backticks, \!, and bunches of things less obvious that could,
> > even without a compromised server, cause real mischief.
>
> There is a big difference between having to trust the server or not. Yeah,
> you could cause a lot of mischief if you let a user run arbitrary psql
> scripts on your behalf. But that's no excuse for opening up a whole other
> class of problems.

I'm skittish about putting exploits out in public in advance of
discussions about how to mitigate them, but I have constructed several
that do pretty bad things using only hostile content in a server and
the facilities `psql` already provides.

Best,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

In response to

  • Re: \gsetenv at 2020-12-20 20:42:40 from Heikki Linnakangas
