| From: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
|---|---|
| To: | Steve Atkins <steve(at)blighty(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Compromised postgresql instances |
| Date: | 2018-06-08 20:39:25 |
| Message-ID: | 4d6d8208-8b56-0308-d271-fe3d465b2f36@2ndQuadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 06/08/2018 04:34 PM, Steve Atkins wrote:
> I've noticed a steady trickle of reports of postgresql servers being compromised via being left available to the internet with insecure or default configuration, or brute-forced credentials. The symptoms are randomly named binaries being uploaded to the data directory and executed with the permissions of the postgresql user, apparently via an extension or an untrusted PL.
>
> Is anyone tracking or investigating this?
>
Please cite actual instances of such reports. Vague queries like this
help nobody.
Furthermore, security concerns are best addressed to the security
mailing list.
cheers
andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2018-06-08 20:47:59 | Re: Compromised postgresql instances |
| Previous Message | Alvaro Herrera | 2018-06-08 20:35:52 | Re: SHOW ALL does not honor pg_read_all_settings membership |