[BUGS] 】
From | postgresql_2016@163.com
---|---
Subject | [BUGS] 】
Date | 
Msg-id | 1505549162782-0.post@n3.nabble.com
Responses | Re: [BUGS] 】 (Tomas Vondra <tomas.vondra@2ndquadrant.com>)
List | pgsql-bugs
1. Through our security test, we found that the *copy from* command can read any file from the server if it has read permission, for example the /etc/passwd file. However, the pg_read_file and pg_read_binary_file functions restrict the file read path: they can only read files from the PGDATA directory. For example, the next session reads a server file.

[postgres@X86C136 ~]$ psql postgres -p 5432
psql (9.2.22)
Type "help" for help.

postgres=# create table test(va varchar);
CREATE TABLE
postgres=# copy test from '/etc/passwd';
COPY 37
postgres=# select * from test;
                                   va
-------------------------------------------------------------------------------
 root:x:0:0:root:/root:/bin/bash
 bin:x:1:1:bin:/bin:/sbin/nologin
 daemon:x:2:2:daemon:/sbin:/sbin/nologin
 adm:x:3:4:adm:/var/adm:/sbin/nologin
 lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
 sync:x:5:0:sync:/sbin:/bin/sync
 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
 halt:x:7:0:halt:/sbin:/sbin/halt
 mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
 operator:x:11:0:operator:/root:/sbin/nologin
 games:x:12:100:games:/usr/games:/sbin/nologin
 ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
 nobody:x:99:99:Nobody:/:/sbin/nologin
 systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
 systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
 dbus:x:81:81:System message bus:/:/sbin/nologin
 polkitd:x:998:996:User for polkitd:/:/sbin/nologin
 tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
 postfix:x:89:89::/var/spool/postfix:/sbin/nologin
 sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
 chrony:x:997:995::/var/lib/chrony:/sbin/nologin
 postgres:x:1000:1000::/home/postgres:/bin/bash
 hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
 davinci:x:1001:1001::/home/davinci:/bin/bash
 tcpdump:x:72:72::/:/sbin/nologin
 cassandra:x:1002:1002::/home/cassandra:/bin/bash
 usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
 rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
 qemu:x:107:107:qemu user:/:/sbin/nologin
 apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
 pcp:x:996:994:Performance Co-Pilot:/var/lib/pcp:/sbin/nologin
 saslauth:x:995:76:Saslauthd user:/run/saslauthd:/sbin/nologin
 sssd:x:994:993:User for sssd:/:/sbin/nologin
 unbound:x:993:992:Unbound DNS resolver:/etc/unbound:/sbin/nologin
 rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
 nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
 radvd:x:75:75:radvd user:/:/sbin/nologin
(37 rows)

postgres=# select version();
                                                   version
-------------------------------------------------------------------------------------------------------------
 PostgreSQL 9.2.22 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-11), 64-bit
(1 row)

2. Also, another command, "copy to", can write any file on the server if it has write privileges. For example, when copying the table test to the postgresql.conf file, it will modify the postgresql.conf file.

[postgres@X86C136 data]$ psql -d postgres -p 5432
psql (9.2.22)
Type "help" for help.

postgres=# copy test to '/home/postgres/data/postgresql.conf';
COPY 37
postgres=#

3. So, I think we should restrict the copy directory like the pg_read_file or pg_read_binary_file function.

--
Sent from: http://www.postgresql-archive.org/PostgreSQL-bugs-f2117394.html

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
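The report above shows server-side COPY reading /etc/passwd and overwriting postgresql.conf as the postgres OS user. What it does not show is the gate in front of that capability: in PostgreSQL 9.x, COPY naming a file is refused unless the session role is a superuser, and the client-side forms (COPY FROM STDIN / TO STDOUT, psql's \copy) stay available to everyone because they open the file with the client's OS privileges, not the server's. The following is an added example, not code from the poster or from the PostgreSQL project, of the checks and the alternatives an operator would use; the role names app_user and etl_loader are hypothetical, and the pg_read_server_files / pg_write_server_files roles in the last step exist only in PostgreSQL 11 and later, not on the 9.2 server in the report.

```sql
-- Added example (not part of the original bug report).
-- Role names app_user and etl_loader are hypothetical.

-- 1. Who can run server-side COPY to/from a file? On 9.x that set is exactly
--    the superusers, so this is the audit query for the capability in the report.
SELECT rolname
FROM pg_roles
WHERE rolsuper;

-- 2. A non-superuser is refused the server-side file form. Expected error on 9.x:
--      ERROR:  must be superuser to COPY to or from a file
--      HINT:  Anyone can COPY to stdout or from stdin. psql's \copy command also works for anyone.
SET ROLE app_user;
COPY test FROM '/etc/passwd';                          -- fails for app_user
COPY test TO '/home/postgres/data/postgresql.conf';    -- fails for app_user
RESET ROLE;

-- 3. The sanctioned path for an ordinary role: stream the data through the
--    connection. The file is opened by the client process, with the client's
--    OS permissions, and the server never sees a path at all.
--    In psql the same thing is:  \copy test FROM '/path/on/the/client/machine'
COPY test FROM STDIN;
alice:x:1003:1003::/home/alice:/bin/bash
\.

-- 4. PostgreSQL 11 and later: hand out file access per role instead of SUPERUSER.
--    pg_read_server_files covers COPY ... FROM '<file>' and the pg_read_file()
--    family; pg_write_server_files is kept separate because COPY ... TO '<file>'
--    overwrites any file the postgres OS user can write, which is the
--    postgresql.conf case shown above.
GRANT pg_read_server_files TO etl_loader;
-- GRANT pg_write_server_files TO etl_loader;   -- only if server-side COPY TO '<file>' is really required
```

Step 2 is the check to run against the report: if it does not fail, the role is a superuser, and restricting COPY's directory would not help, since a superuser can also change postgresql.conf through ALTER SYSTEM-style paths or load untrusted extensions. The practical control is therefore the membership list from step 1 plus, on releases that have them, the narrower roles in step 4.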