Re: Privilege escalation via LOAD

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: John Heasman <john(at)ngssoftware(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org, dl-advisories(at)ngssoftware(dot)com
Subject: Re: Privilege escalation via LOAD
Date: 2005-01-24 16:05:20
Message-ID: 21745.1106582720@sss.pgh.pa.us
Lists: pgsql-bugs

John Heasman <john(at)ngssoftware(dot)com> writes:
> It appears that low privileged users can invoke the LOAD extension to load
> arbitrary libraries into the postgres process space.

Hmm. Creating C functions is restricted to superusers, but I guess no
one ever noticed that LOAD isn't. On a platform where that can execute
initialization functions this does seem like a security issue.

regards, tom lane
