Quick Links

Re: Fwd: init scripts and su

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Fwd: init scripts and su
Date:	2004-08-06 04:43:54
Message-ID:	7009.1091767434@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> For your amusement...

> During the time between the daemon launch and it closing it's file
> handles and calling setsid(2) (which some daemons don't do because
> they are buggy) any other code running in the same UID could take over
> the process via ptrace, fork off a child process that inherits the
> administrator tty, and then stuff characters into the keyboard buffer
> with ioctl(fd,TIOCSTI,&c) (*).

(a) And there would be untrusted code running as postgres exactly why?

(b) Seems to me the real security bug here is the mere existence of that
ioctl call.

regards, tom lane

In response to

Fwd: init scripts and su at 2004-07-31 08:15:52 from Peter Eisentraut

Responses

Re: Fwd: init scripts and su at 2004-08-06 04:57:08 from Christopher Kings-Lynne
Re: Fwd: init scripts and su at 2004-08-09 08:17:02 from Peter Eisentraut

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Greg Stark	2004-08-06 04:48:15	Upgrade path for contrib modules
Previous Message	Bruce Momjian	2004-08-06 04:25:06	Re: pgxs: build infrastructure for extensions v4