From: | Melvin Davidson <melvin6925(at)gmail(dot)com> |
---|---|
To: | Dev Kumkar <devdas(dot)kumkar(at)gmail(dot)com> |
Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Sameer Kumar <sameer(dot)kumar(at)ashnik(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: How to stop script executions |
Date: | 2016-07-26 14:05:04 |
Message-ID: | CANu8FiwtoK3EACMb2ZpRDR0-RKpmY16BR5WigbBc3BFWsgQ=rA@mail.gmail.com |
Lists: | pgsql-general |
On Tue, Jul 26, 2016 at 9:52 AM, Dev Kumkar <devdas(dot)kumkar(at)gmail(dot)com> wrote:
> On Tue, Jul 26, 2016 at 6:59 PM, David G. Johnston <
> david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
>
>> Typically this means that given user only having psql, or some other
>> backend protocol only, connect to the database are they able to execute
>> arbitrary commands as the user running the PostgreSQL process on the host
>> system.
>>
>> Untrusted languages are untrusted for specifically this reason. Without
>> untrusted languages it requires privilege escalation to interact
>> dynamically with the host operating system.
>>
>> Assuming raised privileges it is presently impossible to prevent such
>> dynamic interaction.
>>
>
> Just thinking if untrusted language like plperlu is not installed then
> executing arbitrary commands is not possible.
> So the other possible which you did mention was COPY FROM PROGRAM command,
> is this understanding correct?
>
> Regards...
>
>COPY FROM PROGRAM
I think at this point it would be most beneficial if
1. You stated your version of PostgreSQL & O/S
2. Gave a comprehensive explanation of exactly what you are trying to do.
IOW, What exactly are you trying to prevent users from doing and why?
--
*Melvin Davidson*
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.
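
The two routes to host command execution named in the quoted messages (untrusted languages such as plperlu, and COPY FROM PROGRAM) can be audited from the system catalogs. The queries below are an added example, not part of the original thread; they assume PostgreSQL 11 or later, where the `pg_execute_server_program` role exists, and the column aliases are illustrative.

```sql
-- Added audit example (not from the thread). Assumes PostgreSQL 11+.
-- Run in each database: languages and functions are per-database objects.

-- 1. Untrusted procedural languages installed here (plperlu would show up).
SELECT l.lanname,
       pg_get_userbyid(l.lanowner) AS language_owner
FROM   pg_language l
WHERE  l.lanispl
AND    NOT l.lanpltrusted
ORDER  BY l.lanname;

-- 2. Functions written in those languages. A SECURITY DEFINER function
--    that PUBLIC may execute lets ordinary users reach the untrusted
--    language with the function owner's privileges.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       l.lanname                   AS language_name,
       pg_get_userbyid(p.proowner) AS function_owner,
       p.prosecdef                 AS security_definer,
       has_function_privilege('public'::name, p.oid, 'EXECUTE')
                                   AS public_can_execute
FROM   pg_proc p
JOIN   pg_language  l ON l.oid = p.prolang
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  l.lanispl
AND    NOT l.lanpltrusted
ORDER  BY n.nspname, p.proname;

-- 3. Roles that may run COPY ... FROM PROGRAM: superusers, plus members
--    of pg_execute_server_program. Superusers count as members of every
--    role, so rolsuper is shown to tell the two cases apart.
SELECT r.rolname,
       r.rolsuper,
       r.rolcanlogin
FROM   pg_roles r
WHERE  r.rolsuper
OR     pg_has_role(r.oid, 'pg_execute_server_program'::name, 'MEMBER')
ORDER  BY r.rolname;
```

Empty results from queries 1 and 2, and only the expected administrative roles from query 3, correspond to the situation described in the quoted text where reaching the host operating system requires privilege escalation first.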