Re: Securing "make check" (CVE-2014-0067)

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: james <james(at)mansionfamily(dot)plus(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Noah Misch <noah(at)leadboat(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Securing "make check" (CVE-2014-0067)
Date: 2014-03-02 20:17:55
Message-ID: 20140302201755.GX12995@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* james (james(at)mansionfamily(dot)plus(dot)com) wrote:
> Well, the banks I've contracted at recently are all rather keen on
> virtual desktops for developers, and some of those are terminal
> services. We're a headache, and packaging up all the things we need
> is a pain, so there is some mileage in buying grunty servers and
> doing specific installs that are then shared, rather than making an
> MSI generally available.
>
> Also I have experience of being given accounts for jenkins etc that
> are essentially terminal services logins, and having these things
> unable to maintain a software stack can effectively disqualify tech
> we would otherwise use.

And what are the feelings security on these multi-user development
environments? Is everyone on them trusted users, or are there
untrusted / general accounts?

The issue here is about how much effort to go to in order to secure the
PostgreSQL system that is started up to do the regression tests. It's
already set up to only listen on localhost and will run with only the
privileges of the user running the tests. The concern is that another
user on the same system could gain access to the account which is
running the 'make check' by connecting over localhost to the PostgreSQL
instance and being superuser there, which would allow executing
commands, etc, as that other user (eg: with COPY PIPE).

THanks,

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Marko Tiikkaja 2014-03-02 20:55:33 Re: proposal, patch: allow multiple plpgsql plugins
Previous Message Andrew Dunstan 2014-03-02 20:12:27 Re: Securing "make check" (CVE-2014-0067)