Re: Hiding a GUC from SQL

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: raf <raf(at)raf(dot)org>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Hiding a GUC from SQL
Date: 2020-06-22 03:32:24
Message-ID: 10928ddb7c4d0727b0ee7f3c53a43a514061a2a7.camel@cybertec.at
Lists: pgsql-general

On Mon, 2020-06-22 at 09:44 +1000, raf wrote:
> > A superuser can access files and start programs on the server machine.
> > A dedicated superuser may for example attach to PostgreSQL with a debugger
> > and read the value of the variable.
> >
> > And if that doesn't work, there may be other things to try.
> >
> > It is mostly useless to try to keep a superuser from doing anything that
> > the "postgres" operating system user can do.
>
> But only mostly useless. :-) There are ways to limit the power of the
> superuser. On Linux, for instance, "sysctl kernel.yama.ptrace_scope=3"
> prevents tracing, debugging, and reading another process's memory, even
> by the superuser, and the only way to turn it off is via a (hopefully
> noticeable) reboot.

Interesting. Will this block a user from debugging his own processes?
Perhaps you can plug that hole that way, but that was just the first thing
that popped in my head. Don't underestimate the creativity of attackers.
I for one would not trust my ability to anticipate all possible attacks,
and I think that would be a bad security practice.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
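
An added example, not part of the original message: since the quoted text says `kernel.yama.ptrace_scope=3` can only be turned off by a reboot, this check reports whether the running value is 3 and whether the boot-time sysctl configuration also sets it, so a reboot does not drop the restriction. The function names `persisted_scope` and `audit_scope` are hypothetical, and the file order used in the stand-alone part is a simplifying assumption (real loaders also read other directories).

```shell
#!/bin/sh
# Added example: is ptrace_scope=3 active now, and does it survive a reboot?

# Print the last value assigned to kernel.yama.ptrace_scope in the given
# sysctl.d-style files, read in the order given; print nothing if unset.
persisted_scope() {
    [ "$#" -gt 0 ] || return 0          # no files: avoid awk reading stdin
    awk '
        /^[ \t]*[#;]/ { next }          # comment lines start with # or ;
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)  # a leading "-" means ignore errors
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            gsub("/", ".", key)         # kernel/yama/ptrace_scope form
            if (key == "kernel.yama.ptrace_scope") last = val
        }
        END { if (last != "") print last }
    ' "$@"
}

# Compare the runtime value ($1) with the persisted value ($2).
audit_scope() {
    if [ "$1" != "3" ]; then
        echo "not-locked"               # ptrace is still possible right now
    elif [ "$2" = "3" ]; then
        echo "locked-persistent"        # blocked now and after the next boot
    else
        echo "locked-until-reboot"      # a reboot silently lifts the block
    fi
}

# Stand-alone use on a Linux host with Yama enabled.
proc=/proc/sys/kernel/yama/ptrace_scope
if [ -r "$proc" ]; then
    set --
    # Assumed order: /etc/sysctl.d first, /etc/sysctl.conf last.
    for f in /etc/sysctl.d/*.conf /etc/sysctl.conf; do
        if [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    echo "ptrace_scope: $(audit_scope "$(cat "$proc")" "$(persisted_scope "$@")")"
fi
```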
