From: | Mudy Situmorang <mudy(at)astasolusi(dot)com> |
---|---|
To: | Guillaume Lelarge <guillaume(at)lelarge(dot)info>, pgadmin-support(at)postgresql(dot)org |
Subject: | Re: Superuser without pg_hba could drop database |
Date: | 2010-07-29 07:15:20 |
Message-ID: | AANLkTim6+he4c9GzQCDeHSNH9aXGd+WTGMQ3noEjESiA@mail.gmail.com |
Lists: | pgadmin-support |
psql runs only from the server, while pgAdmin (which is a standard
installation in PostgreSQL for Windows) is easily installed on any client.
In a network with several different projects & many databases that require
dozens of superusers, pg_hba could provide the required access control.
In this bug, when one superuser password is compromised, then all databases can
be dropped from any client using pgAdmin.
IMO this is a major security problem in the pgAdmin software.
Regards,
Mudy
2010/7/29 Guillaume Lelarge <guillaume(at)lelarge(dot)info>
> On 29/07/2010 07:34, Mudy Situmorang wrote:
> > Superuser without pg_hba could drop database from client at pgAdminIII
> > Object browser by left click & Delete/Drop.
> >
> > User has superuser rights, but no pg_hba connection entry for the host.
> >
> > There are warnings on left click, twice:
> > An error has occurred:
> > FATAL: no pg_hba.conf entry for host "172.17.0.8", user "tempuser",
> > database "testdatabase", SSL on
> > FATAL: no pg_hba.conf entry for host "172.17.0.8", user "tempuser",
> > database "testdatabase", SSL off
> >
> > Then context menu appear, click Delete/Drop, Yes on confirmation.
> >
> > The database is gone.
> >
> >
> > pgAdminIII at client:
> > Windows XP
> > pgAdminIII 1.10.3 (from PostgreSQL 8.4 windows package)
> >
> >
> > PostgreSQL 8.4 server:
> > Ubuntu 10.04
> >
> >
> >
> > I think it is very dangerous.
> >
>
> This is not an issue with pgAdmin. You can do the same with psql.
>
> BTW, pg_hba.conf file controls who has the right to connect to one
> database or another, not the rights users have on objects. To drop a
> database, you need to be its owner or a superuser, and you need that
> no one is connected to this database. It has nothing to do with the fact
> that you are allowed to connect to it.
>
>
> --
> Guillaume
> http://www.postgresql.fr
> http://dalibo.com
>
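Added example, not from either poster: a pg_hba.conf fragment that reproduces the situation in the report beside the corrected rule set. The host address, user and database names are the ones quoted above; the assumption is that the client reached the server through another database (pgAdmin connects to a maintenance database such as "postgres" first and browses other databases from there), which is the only way a connection could exist to issue DROP DATABASE while the errors above say no entry matched "testdatabase". DROP DATABASE is executed over whichever connection the client already holds, so a pg_hba.conf rule that closes only the target database does not protect it. The corrected version rejects the superuser from that host for all databases; rules are matched first-match-wins, so the reject line must precede the catch-all.

```conf
# Constructed pg_hba.conf example (not from the thread). Addresses, the
# user "tempuser" and the database "testdatabase" come from the report;
# the "postgres" maintenance database is an assumption about the client.

# --- Weak: only the maintenance database is reachable from the subnet,
#     "testdatabase" has no matching line at all (-> "no pg_hba.conf entry"
#     errors when the object browser tries it), yet a superuser connected to
#     "postgres" can still run: DROP DATABASE testdatabase;
# TYPE  DATABASE    USER      ADDRESS           METHOD
host    postgres    all       172.17.0.0/24     md5

# --- Corrected: refuse the superuser from that host for every database,
#     placed before any catch-all so it is the first rule that matches.
#     Reload afterwards (pg_ctl reload, or SELECT pg_reload_conf();).
# TYPE  DATABASE    USER      ADDRESS           METHOD
host    all         tempuser  172.17.0.8/32     reject
host    postgres    all       172.17.0.0/24     md5
```

To check the weak configuration, connect from the client to the database that is still allowed and issue the drop there: `psql -h <server> -U tempuser -d postgres -c 'DROP DATABASE testdatabase'` succeeds as long as no other session is using testdatabase. The caveat a practitioner should keep in mind is that this only limits where a superuser may connect from; once connected, a superuser bypasses every privilege check in the server, so host rules are no substitute for not handing out superuser accounts in the first place.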