Re: [HACKERS] Hacker found bug in Postgres ?
From | Bruce Momjian |
---|---|
Subject | Re: [HACKERS] Hacker found bug in Postgres ? |
Date | |
Msg-id | 199904271635.MAA03863@candle.pha.pa.us |
In response to | Hacker found bug in Postgres ? (Matthias Schmitt <freak001@mmp.lu>) |
List | pgsql-hackers |
> Hello,
>
> this night we discovered here a strange behaviour on our servers. Somebody
> managed to get access to the UNIX shell using the 'postgres' db
> administrator account. He logged in some machines with a single try ! The
> password was not part of any dictionary. He tried some other accounts,
> without success. Under the user postgres he installed an 'eggdrop' program
> on the machine, implementing an IRC server.
>
> If you want to look on your servers, look for an ".elm/..." directory in
> the postgres home directory. You may discover too some processes named
> "./..." or "../ -m" running under the postgres user.
>
> Is there any chance, that the postgres database contains a bug giving
> shell access ? Is there any chance to trace what happens on the postgres
> port ?

Obviously a serious issue here. This is the first time in 2.8 years I have heard any security problem reported about PostgreSQL. There may be some problem, but I know of no known security problems.

Because PostgreSQL is client/server, client processes run as normal users, and the backends run as postgres, and there is no way I know of for a normal user to have a backend run arbitrary code as the postgres user.

--
  Bruce Momjian                        |  http://www.op.net/~candle
  maillist@candle.pha.pa.us            |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
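
The two indicators named in the quoted report (an ".elm/..." directory in the postgres home directory, and processes named "./..." or "../ -m" running under the postgres user) can be checked with a short script. This is an added example, not part of the original thread; the function names `check_home`, `suspicious_procs` and `scan_host` are hypothetical, and the `ps` column layout (user, then full command line) is an assumption.

```shell
#!/bin/sh
# Added example: look for the indicators described in the quoted report.

# check_home DIR: succeeds if DIR contains a directory literally named
# ".elm/..." (three dots), as described in the report.
check_home() {
    [ -d "$1/.elm/..." ]
}

# suspicious_procs USER: reads "user command..." lines on stdin and prints
# those owned by USER whose command line is "./..." or starts with "../ -m".
suspicious_procs() {
    awk -v u="$1" '
        $1 == u {
            cmd = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", cmd)      # drop the user column
            if (cmd ~ /^\.\/\.\.\.([ \t]|$)/ ||       # "./..."
                cmd ~ /^\.\.\/ -m([ \t]|$)/)          # "../ -m"
                print
        }'
}

# scan_host HOME USER: runs both checks against the live system.
# Returns 0 if nothing was found, 1 if any indicator is present.
scan_host() {
    home=$1
    user=$2
    found=0
    if check_home "$home"; then
        echo "FOUND: directory $home/.elm/... exists"
        found=1
    fi
    procs=$(ps -e -o user= -o args= | suspicious_procs "$user")
    if [ -n "$procs" ]; then
        echo "FOUND: suspicious processes owned by $user:"
        echo "$procs"
        found=1
    fi
    return "$found"
}

# Example invocation: sh check.sh /home/postgres postgres
if [ "$#" -ge 2 ]; then
    scan_host "$1" "$2"
fi
```

A clean result only means these two specific traces are absent; it says nothing about how the account was accessed.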