[BUGS] 】
| От | postgresql_2016@163.com |
|---|---|
| Тема | [BUGS] 】 |
| Дата | |
| Msg-id | 1505549162782-0.post@n3.nabble.com обсуждение исходный текст |
| Ответы |
Re: [BUGS] 】
(Tomas Vondra <tomas.vondra@2ndquadrant.com>)
|
| Список | pgsql-bugs |
1、Through our security test, we find the *copy from* command can read any
files from the server if it has the read permission,for example, /etc/passwd
file. Although, the pg_read_file or pg_read_binary_file function restricts
the file read path, which only can read files from the PGDATA directory.
For example, the next example can read the server file.
[postgres@X86C136 ~]$ psql postgres -p 5432
psql (9.2.22)
Type "help" for help.
postgres=# create table test(va varchar);
CREATE TABLE
postgres=# copy test from '/etc/passwd';
COPY 37
postgres=# select * from test; va
-----------------------------------------------------------------------------------------------------root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologinftp:x:14:50:FTP
User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologinsystemd-bus-proxy:x:999:997:systemdBus
Proxy:/:/sbin/nologinsystemd-network:x:192:192:systemdNetwork Management:/:/sbin/nologindbus:x:81:81:System message
bus:/:/sbin/nologinpolkitd:x:998:996:Userfor polkitd:/:/sbin/nologintss:x:59:59:Account used by the trousers package to
sandboxthe tcsd
daemon:/dev/null:/sbin/nologinpostfix:x:89:89::/var/spool/postfix:/sbin/nologinsshd:x:74:74:Privilege-separated
SSH:/var/empty/sshd:/sbin/nologinchrony:x:997:995::/var/lib/chrony:/sbin/nologinpostgres:x:1000:1000::/home/postgres:/bin/bashhsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologindavinci:x:1001:1001::/home/davinci:/bin/bashtcpdump:x:72:72::/:/sbin/nologincassandra:x:1002:1002::/home/cassandra:/bin/bashusbmuxd:x:113:113:usbmuxd
user:/:/sbin/nologinrpc:x:32:32:RpcbindDaemon:/var/lib/rpcbind:/sbin/nologinqemu:x:107:107:qemu
user:/:/sbin/nologinapache:x:48:48:Apache:/usr/share/httpd:/sbin/nologinpcp:x:996:994:Performance
Co-Pilot:/var/lib/pcp:/sbin/nologinsaslauth:x:995:76:Saslauthduser:/run/saslauthd:/sbin/nologinsssd:x:994:993:User for
sssd:/:/sbin/nologinunbound:x:993:992:UnboundDNS resolver:/etc/unbound:/sbin/nologinrpcuser:x:29:29:RPC Service
User:/var/lib/nfs:/sbin/nologinnfsnobody:x:65534:65534:AnonymousNFS User:/var/lib/nfs:/sbin/nologinradvd:x:75:75:radvd
user:/:/sbin/nologin
(37 rows)
postgres=# select version(); version
----------------------------------------------------------------------------------------------------------------PostgreSQL
9.2.22on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.8.5
20150623 (Red Hat 4.8.5-11), 64-bit
(1 row)
2、Also, another command "copy to" can write any files in the server if it
has the write privileges.
For example, when copy the table test to the postgresql.conf file, it
will modifiy the postgresql.conf file.
[postgres@X86C136 data]$ psql -d postgres -p 5432
psql (9.2.22)
Type "help" for help.
postgres=# copy test to '/home/postgres/data/postgresql.conf';
COPY 37
postgres=#
3、So, I think we should restrict the copy directory like pg_read_file or
pg_read_binary_file function.
--
Sent from: http://www.postgresql-archive.org/PostgreSQL-bugs-f2117394.html
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
В списке pgsql-bugs по дате отправления: