| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Securing "make check" (CVE-2014-0067) |
| Date: | 2014-03-02 22:17:33 |
| Message-ID: | 5313ADFD.3030900@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 03/02/2014 12:17 PM, Stephen Frost wrote:
> The issue here is about how much effort to go to in order to secure the
> PostgreSQL system that is started up to do the regression tests. It's
> already set up to only listen on localhost and will run with only the
> privileges of the user running the tests. The concern is that another
> user on the same system could gain access to the account which is
> running the 'make check' by connecting over localhost to the PostgreSQL
> instance and being superuser there, which would allow executing
> commands, etc, as that other user (eg: with COPY PIPE).
My $0.02: Not a lot of effort.
A) Few users run the regression tests at all, because they use packages.
B) Of the users who do self-builds, most do so on secure systems deep
inside the corporate firewall.
C) A related attack requires not only access to the host but good timing
as well, or the ability to leave a booby-trap program on the system.
D) If the host is compromised, the user gains access to the build user
... which should be a regular, unprivilged, shell user.
The only way I can see this being of real use to an attacker is if they
could use this exploit to create a wormed version of PostgresQL on the
target build system. Is that possible?
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2014-03-02 22:35:20 | Re: Securing "make check" (CVE-2014-0067) |
| Previous Message | Marko Tiikkaja | 2014-03-02 20:55:33 | Re: proposal, patch: allow multiple plpgsql plugins |