Re: Building PostgreSQL old version from source to test vulnerability CVE-2017-7546

Thanks for your answer Christoph. I've tried to do that but I can't debug
it inside GDB. I configured like so:

CFLAGS="-O0 -g" ./configure --enable-debug

As I found suggested in a SO thread. Then made and installed, and when I
launch gdb either like

gdb --args /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data

or starting it normally and then attaching GDB (having found the PID
with a select
pg_backend_pid() ):

gdb -p <PID>

I can't get to set a breakpoint in crypt.c, for example. It theoretically
loaded debugging symbols, but I can't find the .c files inside the src/
from where I built Postgres. If I try to add them:

(gdb) add-symbol-file software/postgres_dec6e47/src/backend/libpq/crypt.c
The address where software/postgres_dec6e47/src/backend/libpq/crypt.c has
been loaded is missing

I suspect this has something to do with postgres having to be launched with
user postgres, while gdb not, besides installing it from my normal user and
not postgres. When trying to build it with postgres user, it basically
complains about it not being in sudoers.

On the other hand, I tried to set up logging and I did not get any further
info.

Thanks.

[image: logo_170x100px.png] <http://www.gradiant.org/>

Julián Jiménez González

Investigador - Desarrollador | Área de Servicios y Aplicaciones

Researcher - Developer | Services & Applications Department

Ph. (+34) 986 120 430 Ext. 3021
jjimenez(at)gradiant(dot)org | www.gradiant.org

[image: Iconos Redes Sociales GRD Firma email-01]
<https://es-es.facebook.com/GradiantCT/> [image: Iconos Redes Sociales GRD
Firma email-02] <https://twitter.com/Gradiant> [image: Iconos Redes
Sociales GRD Firma email-03] <https://www.linkedin.com/company-beta/769728>
[image: Iconos Redes Sociales GRD Firma email-04]
<https://www.youtube.com/user/ComunicacionGRD>

Take care of the environment. Try not to print this email.
The information contained in this email message may be confidential
information, and may also be the subject of legal professional privilege.
If you are not the intended recipient, any use, interference with,
disclosure or copying of this material is unauthorized and prohibited.
Please inform us immediately and destroy the email. Thank you for your
cooperation.

2018-02-22 10:55 GMT+01:00 Christoph Berg <myon(at)debian(dot)org>:

> Re: Julián Jiménez González 2018-02-21 <CAANxhjKZKWh-Rfdh=
> OvUPOmobKiSm54j9MdACeKOV=y_iiaHtw(at)mail(dot)gmail(dot)com>
> > I need and would greatly appreciate any help tracking this problem down.
>
> I'd try setting gdb breakpoints on the relevant code lines/functions.
>
> If it helps, old Ubuntu packages are available there:
> http://atalia.postgresql.org/morgue/
> https://wiki.postgresql.org/wiki/Apt/FAQ#Where_are_older_
> versions_of_the_packages.3F
>
> Christoph
>