| From: | Stephen Amadei <amadei(at)dandy(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: Why does Postgres need the /bin/sh? |
| Date: | 2002-05-05 01:40:42 |
| Message-ID: | Pine.LNX.4.44.0205042133180.11954-100000@rastaban.dandy.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Sat, 4 May 2002, Tom Lane wrote:
> Stephen Amadei <amadei(at)dandy(dot)net> writes:
> > However, if someone was to know that Postgres needs a /bin/rm, an exploit
> > could be created that runs /bin/rm instead of /bin/sh and trashes the
> > databases postgres owns. Of course, this is a big IF. ;-)
>
> The attacker won't be able to do any of this unless he's already managed
> to connect to the database, no?
Besides dbcommands.c, I have not looked over any Postgres code, so I
cannot be certain of what happens between socket connection and
authentication. I'm just paranoid. ;-)
> There are much easier ways to zap your
> data at the SQL level.
This assumes the user authenticated. If the user authenticates, I
couldn't care less if they trash their own database via SQL.
> Sorry but I'm having a hard time getting excited
> about this proposition...
I don't blame you... it looks hard to do. Maybe I'll try it later if I
get the time... for now I'm trying to wring out the last bugs of the
fork/execl change.
----Steve
Stephen Amadei
Dandy.NET! CTO
Atlantic City, NJ
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vladimir Zolotykh | 2002-05-05 09:03:00 | Bad timestamp external representation 'Sun 05 May 11:53:44.731416 2002 EEST' |
| Previous Message | Stephen Amadei | 2002-05-05 01:18:02 | Re: 7.2.1 segfaults. |