Security hole in PL/pgSQL
From | Jan Wieck |
---|---|
Subject | Security hole in PL/pgSQL |
Date | |
Msg-id | 200101291507.KAA03199@jupiter.greatbridge.com |
Responses | Re: Security hole in PL/pgSQL |
List | pgsql-hackers |
Damn, the new EXECUTE command in PL/pgSQL is a security hole. PL/pgSQL is a trusted procedural language, meaning that regular users can write code in it. With the new EXECUTE command, someone could read and write arbitrary files under the postgres UNIX-userid using the COPY command. So it's easy to overwrite the hba config file for regular users.

I think we have to restrict the usage of EXECUTE inside of function to DB superusers. Meaning, the owner of the function using EXECUTE must be superuser, not the actual invoker.

More damned - PL/Tcl has the same functionality since ever. And there it isn't that easy to restrict, since it has a much more generalized SPI interface. What do we do in this case?

Jan

--
It's easier to get forgiveness for being wrong than for being right.
Let's break this rule - forgive me.
JanWieck@Yahoo.com
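An added example, not part of the original message or of PostgreSQL itself: an audit query that applies the restriction proposed above (the owner of a function using EXECUTE must be a superuser) to an existing database. It assumes the catalogs of a current PostgreSQL release (`pg_proc`, `pg_language`, `pg_namespace`, `pg_roles`), and the text match on the function body is a heuristic chosen for this example.

```sql
-- Added example: list functions written in a trusted procedural language
-- whose source appears to run dynamic SQL and whose owner is NOT a superuser.
-- Assumptions: current PostgreSQL catalogs; standard_conforming_strings = on.
-- The regex is a heuristic: it also matches the keyword inside comments or
-- string literals, so every hit needs a manual look at the function body.
SELECT n.nspname   AS schema_name,
       p.proname   AS function_name,
       l.lanname   AS language_name,
       r.rolname   AS owner_name,
       p.prosecdef AS security_definer   -- runs with the owner's privileges
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE l.lanpltrusted                     -- trusted PL: regular users may create functions
  AND NOT r.rolsuper                     -- owner fails the proposed superuser rule
  AND p.prosrc ~* '\m(execute|spi_exec|spi_execp)\M'  -- PL/pgSQL EXECUTE, PL/Tcl SPI calls
ORDER BY n.nspname, p.proname;
```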