Re: Why does Postgres need the /bin/sh?
From | Stephen Amadei |
---|---|
Subject | Re: Why does Postgres need the /bin/sh? |
Date | |
Msg-id | Pine.LNX.4.44.0205042133180.11954-100000@rastaban.dandy.net |
In reply to | Re: Why does Postgres need the /bin/sh? (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-bugs |
On Sat, 4 May 2002, Tom Lane wrote:

> Stephen Amadei <amadei@dandy.net> writes:
> > However, if someone was to know that Postgres needs a /bin/rm, an exploit
> > could be created that runs /bin/rm instead of /bin/sh and trashes the
> > databases postgres owns. Of course, this is a big IF. ;-)
>
> The attacker won't be able to do any of this unless he's already managed
> to connect to the database, no?

Besides dbcommands.c, I have not looked over any Postgres code, so I cannot
be certain of what happens between socket connection and authentication.
I'm just paranoid. ;-)

> There are much easier ways to zap your
> data at the SQL level.

This assumes the user authenticated. If the user authenticates, I couldn't
care less if they trash their own database via SQL.

> Sorry but I'm having a hard time getting excited
> about this proposition...

I don't blame you... it looks hard to do. Maybe I'll try it later if I get
the time... for now I'm trying to wring out the last bugs of the fork/execl
change.

----Steve

Stephen Amadei
Dandy.NET! CTO
Atlantic City, NJ
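The "fork/execl change" mentioned above is the general technique of running an external program without going through /bin/sh. As an added illustration (not code from this thread and not the PostgreSQL patch), the helper below runs /bin/rm via fork and execv with an explicit argv, so no shell is ever started and the path argument is passed literally even when it contains shell metacharacters. The helper name, the temp-directory layout and the demo file name are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run an external program without involving /bin/sh.
 * argv[0] must be an absolute path; the remaining arguments reach the
 * program verbatim, so shell metacharacters in them have no meaning.
 * Returns the child's exit status (0..255), 127 if exec failed,
 * or -1 on fork/wait failure.  Hypothetical helper, not PostgreSQL code. */
static int run_without_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: replace this process image with the target program. */
        execv(argv[0], argv);
        /* Only reached if execv failed; exit without running atexit handlers. */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (!WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Demo: create a file whose name contains shell metacharacters inside a
 * fresh temp directory, remove it with /bin/rm via execv, and check that
 * it is gone.  Returns 1 if the file was removed, 0 otherwise. */
static int demo_remove_awkward_name(void)
{
    char dir[] = "/tmp/nosh-XXXXXX";          /* constructed scratch dir */
    if (mkdtemp(dir) == NULL)
        return 0;

    /* With system("rm -f <path>") this name would be parsed as two commands. */
    char path[256];
    snprintf(path, sizeof path, "%s/%s", dir, "data; echo pwned");

    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) {
        rmdir(dir);
        return 0;
    }
    close(fd);

    char *argv[] = { "/bin/rm", "-f", path, NULL };
    int rc = run_without_shell(argv);

    int gone = (access(path, F_OK) != 0 && errno == ENOENT);
    rmdir(dir);
    return rc == 0 && gone;
}

int main(void)
{
    printf("awkward name removed without a shell: %s\n",
           demo_remove_awkward_name() ? "yes" : "no");
    return 0;
}
```

The point of the demo is the argv array: the file name "data; echo pwned" is one argument to /bin/rm, whereas a system() call would have handed the same string to /bin/sh, which splits it at the semicolon. Dropping the shell also removes /bin/sh from the set of binaries the server process depends on, which is the dependency the thread subject asks about.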