| From: | raf <raf(at)raf(dot)org> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Hiding a GUC from SQL |
| Date: | 2020-06-22 05:20:55 |
| Message-ID: | 20200622052055.zv5zq2tr6iqyc3tv@raf.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Laurenz Albe wrote:
> On Mon, 2020-06-22 at 09:44 +1000, raf wrote:
> > A superuser can access files and start programs on the server machine.
> > > A dedicated superuser may for example attach to PostgreSQL with a debugger
> > > and read the value of the variable.
> > >
> > > And if that doesn't work, there may be other things to try.
> > >
> > > It is mostly useless to try to keep a superuser from doing anything that
> > > the "postgres" operating system user can do.
> >
> > But only mostly useless. :-) There are ways to limit the power of the
> > superuser. On Linux, for instance, "sysctl kernel.yama.ptrace_scope=3"
> > prevents tracing, debugging, and reading another process's memory, even
> > by the superuser, and the only way to turn it off is via a (hopefully
> > noticeable) reboot.
>
> Interesting. Will this block a user from debugging his own processes?
Yes.
> Perhaps you can plug that hole that way, but that was just the first thing
> that popped in my head. Don't underestimate the creativity of attackers.
> I for one would not trust my ability to anticipate all possible attacks,
> and I think that would be a bad security practice.
Yes, but that's no reason not to perform as much risk
assessment and mitigation as you can afford/justify.
Not being able to prevent all attacks is no reason not
to prevent those that you can. :-) Nobody said anything
about underestimating anyone or trusting anyone.
> Yours,
> Laurenz Albe
cheers,
raf
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Förster | 2020-06-22 05:30:18 | Re: Netapp SnapCenter |
| Previous Message | Sankar P | 2020-06-22 04:43:37 | DISTINCT on jsonb fields and Indexes |