| Header | Value |
|---|---|
| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
| To: | Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr> |
| Cc: | Dave Page <dpage(at)pgadmin(dot)org>, Hannu Krosing <hannu(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Steven Citron-Pousty <spousty(at)redhat(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, "shifters(at)redhat(dot)com shifters" <shifters(at)redhat(dot)com>, Matthew Hicks <mhicks(at)redhat(dot)com>, Hirotsugu Asari <hasari(at)redhat(dot)com>, Adam Miller <admiller(at)redhat(dot)com> |
| Subject: | Re: Feature Request on Extensions |
| Date: | 2013-08-19 16:15:43 |
| Message-ID: | 20130819161543.GB9087@momjian.us |
Lists: | pgsql-hackers |
On Mon, Aug 19, 2013 at 11:34:47AM +0200, Dimitri Fontaine wrote:
> Dave Page <dpage(at)pgadmin(dot)org> writes:
> > If you find a hole in the boat, the preferred option is to fix it, not
> > to say "meh, well another won't hurt".
>
> My understanding is that there's no way to fix it. If you're superuser
> you have the keys to the kingdom. That's it.
>
> And that's why it's very important that as many as possible of our
> feature set works without requiring superuser.
That's pretty vague. Exactly what does "keys to the kingdom" mean? If
it means you can do anything to the database, you are right. If it
means executing arbitrary code, including arbitrary kernel calls, I
would like to hear how that is done.
Was writing into the postgres user's .profile and waiting for them to
log in what you were thinking of? You could also create a binary in
their home directory and have .profile run it. (I thought this was a
particularly creative exploit.)
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +