| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Hadley Willan <hadley(dot)willan(at)deeperdesign(dot)co(dot)nz> |
| Cc: | Postgresql General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Why are absolute paths considered a security risk? |
| Date: | 2003-02-26 00:31:21 |
| Message-ID: | 25797.1046219481@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hadley Willan <hadley(dot)willan(at)deeperdesign(dot)co(dot)nz> writes:
> The documentation (7.2.1) mentions that allowing absolute paths when
> creating a db is a security risk and is off by default.
> However, it seems fairly hard to exploit, and I was wondering if anybody
> has any examples of how much of a risk this is?
> Reason I ask is we're considering turning them on in our server and want
> to consider these risks.
The difficulty is that someone who is allowed to create databases (but
isn't necessarily a superuser) will be able to cause the backend to
scribble in any directory that the postgres user has write access to.
The potential damage is somewhat limited since "base/DBOID" gets tacked
onto the user-specified string, and the user has little if any control
over the DBOID part. Still, it's a risk.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Bartley | 2003-02-26 00:59:07 | WITHOUT OIDS |
| Previous Message | Cristian Custodio | 2003-02-26 00:24:49 | OID or lo |