| From: | Greg Smith <greg(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Josh Kupershmidt <schmiddy(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Patch to allow users to kill their own queries |
| Date: | 2011-12-16 14:19:52 |
| Message-ID: | 4EEB5388.50504@2ndQuadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 12/16/2011 08:42 AM, Robert Haas wrote:
> the proposed patch would potentially result - in the extremely
> unlikely event of a
> super-fast PID wraparound - in someone cancelling a query they
> otherwise wouldn't have been able to cancel.
>
So how might this get exploited?
-Attach a debugger and put a breakpoint between the check and the kill
-Fork processes to get close to your target
-Wait for a process you want to mess with to appear at the PID you're
waiting for. If you miss it, repeat fork bomb and try again.
-Resume the debugger to kill the other user's process
If I had enough access to launch this sort of attack, I think I'd find
mayhem elsewhere more a more profitable effort. Crazy queries, work_mem
abuse, massive temp file generation, trying to get the OOM killer
involved; seems like there's bigger holes than this already.
--
Greg Smith 2ndQuadrant US greg(at)2ndQuadrant(dot)com Baltimore, MD
PostgreSQL Training, Services, and 24x7 Support www.2ndQuadrant.us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2011-12-16 14:37:58 | Re: Patch to allow users to kill their own queries |
| Previous Message | Simon Riggs | 2011-12-16 13:57:16 | Re: JSON for PG 9.2 |