On Thu, Apr 11, 2013 at 06:24:54PM +0100, Thom Brown wrote:
> On 11 April 2013 18:15, Selena Deckelmann <selena@chesnok.com> wrote:
> >
> >
> >
> > On Thu, Apr 11, 2013 at 8:05 AM, Bruce Momjian <bruce@momjian.us> wrote:
> >>
> >> On Thu, Apr 11, 2013 at 07:51:01AM -0700, Robert Bernier wrote:
> >> > Comments?
> >> >
> >> > http://blog.blackwinghq.com/2013/04/08/2/
> >>
> >> It is interesting how they try to combine the write ability to a web
> >> server or postgres .profile file; I find the .profile particularly
> >> nasty.
> >
> >
> > Yup. It's maybe an argument for chroot'ing the server to the $PGDATA
> > directory. I realize that's probably not reasonable for stuff like
> > extensions right now.
> >
> > Also, a related best practice is keeping track of all the files that are in
> > home directories of privileged users with something like Puppet or Chef --
> > so even if an attacker *does* overwrite a file like this, automation will
> > wipe it out.
>
> Couldn't you deny write-access to .profile to the postgres user?
You could, but they could create .bashrc, .bash_profile, or
.bash_logout, which would cause the same problem.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +