From: | Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com> |
---|---|
To: | Diego Linke - GAMK <linke(at)calnet(dot)com(dot)br> |
Cc: | <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: "Bug" report - Serious (local shell) |
Date: | 2003-08-14 18:46:47 |
Message-ID: | 20030814114242.A90183-100000@megazone.bigpanda.com |
Lists: | pgsql-bugs |

On Thu, 14 Aug 2003, Diego Linke - GAMK wrote:
> Your name : Diego Linke
> Your email address : gamk(at)gamk(dot)com(dot)br
>
> System Configuration
> ---------------------
> Architecture (example: Intel Pentium) : Intel
>
> Operating System (example: Linux 2.0.26 ELF) : NetBSD 1.6.1_STABLE
>
> PostgreSQL version (example: PostgreSQL-7.3.2): PostgreSQL-7.3.2
>
> Compiler used (example: gcc 2.95.2) : 2.95.3 20010315
>
> Please enter a FULL description of your problem:
> ------------------------------------------------
>
> The problem is that PostgreSQL, when it calls a function in external C,
> calls it with the user of postgres.
> A bad user will be able to create a binary with a suid shell for the user
> of postgres, and to assume control of postgres (pg_hba.conf,
> bases, postmaster, at last everything that the user of postgres can
> make).

Only a bad database superuser should be able to do anything of the sort
because normal users shouldn't be allowed to use CREATE FUNCTION with C
language functions (it's untrusted). Are you seeing something different?
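
One way to check the reply's point on a running server, as an added example that is not part of the original thread: list the untrusted languages, the roles that hold superuser, and every function written in an untrusted language with its owner. It assumes PostgreSQL 8.1 or later, where the `pg_roles` view exists; the 7.3 release discussed in the thread predates that view.

```sql
-- Added example; assumes PostgreSQL 8.1 or later (pg_roles view).

-- 1. Languages and their trust flag. 'c' and 'internal' are untrusted
--    (lanpltrusted = false), so only a superuser may create functions in them.
SELECT lanname, lanpltrusted
FROM pg_language
ORDER BY lanname;

-- 2. Roles that are superusers, i.e. the only roles able to load
--    arbitrary C code into the server process.
SELECT rolname
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;

-- 3. Every function in an untrusted language, with its owner and the
--    shared library it loads. 'internal' is excluded because it covers
--    the built-in functions and would flood the result.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       l.lanname AS language_name,
       r.rolname AS owner_name,
       p.probin  AS library
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE NOT l.lanpltrusted
  AND l.lanname <> 'internal'
ORDER BY r.rolname, n.nspname, p.proname;
```

Rows in the third result that are owned by an unexpected role, or that point at a library outside the server's normal library directory, are the ones to review.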