Re: CVE-2019-9193 about COPY FROM/TO PROGRAM

From: Alvaro Herrera
Subject: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
Date:
Msg-id: 20190401140727.GA7378@alvherre.pgsql
In reply to: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane)
List: pgsql-general

Discussion tree:

CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Daniel Verite", )
 Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
  Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
   Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
    Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
     Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Michael Paquier, )
      Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Brad Nicholson", )
       Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Andres Freund, )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Jeff Janes, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Robert Treat, )
       Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Jeremy Schneider, )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
          Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Andres Freund, )
      Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
     Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
    Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Alvaro Herrera, )

On 2019-Apr-01, Tom Lane wrote:

> Magnus Hagander <> writes:
> > On Sat, Mar 30, 2019 at 10:16 PM Tom Lane <> wrote:
> >> Yeah; this is supposing that there is a security boundary between
> >> Postgres superusers and the OS account running the server, which
> >> there is not.  We could hardly have features like untrusted PLs
> >> if we were trying to maintain such a boundary.
> 
> > I wonder if we need to prepare some sort of official response to that.
> > I was considering writing up a blog post about it, but maybe we need
> > something more official?
> 
> Blog post seems like a good idea.  As for an "official" response,
> it strikes me that maybe we need better documentation.  I'm not sure
> that we spell out anywhere what we think the security model is.
> There are plenty of scattered warnings about unsafe things, but
> if there's any specific statement equivalent to what I just
> wrote above, I can't remember where.
> 
> (By the same token, I'm not sure where would be a good place
> to put it ...)

Apparently we had a "Security" chapter in version 7.0, which got
removed, and we recently got a complaint about that:
https://postgr.es/m/

I think Peter is right that we may not want to duplicate the contents of
each section, but I think it makes sense to have a chapter in "Part III.
Server Administration", maybe just after chapters 26 or 27, where some
security considerations are put forth with references to the detailed
docs on security for each aspect of the system.

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
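As an added example of the point Tom makes above (a Postgres superuser and the OS account running the server are not separated by a security boundary), and not code from this thread or from the PostgreSQL project: the session below lists which roles can run COPY ... PROGRAM, shows what that capability actually does, and shows that an ordinary role is refused. It assumes PostgreSQL 11 or later, where the pg_execute_server_program role exists, and a session that starts as a superuser; the role name app_user and the table prog_out are invented for the demonstration.

```sql
-- Added example, not code from the thread or from PostgreSQL itself.
-- Assumes PostgreSQL 11+ (pg_execute_server_program exists) and a session
-- started as a superuser. app_user and prog_out are invented names.

-- 1. Audit: which roles can reach the OS through COPY ... PROGRAM?
--    Superusers always can; so can members of pg_execute_server_program.
--    pg_has_role treats superusers as members of every role, so the second
--    flag is TRUE for every superuser as well.
SELECT r.rolname,
       r.rolsuper,
       pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER') AS can_copy_program
FROM   pg_roles r
WHERE  r.rolsuper
   OR  pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER')
ORDER  BY r.rolname;

-- 2. What the capability means: the command runs as the OS account that owns
--    the server process, and its stdout is loaded into the table as rows.
--    `id` is used because it is harmless and shows exactly which account that is.
CREATE TABLE prog_out (line text);
COPY prog_out FROM PROGRAM 'id';
SELECT * FROM prog_out;            -- e.g. uid=26(postgres) gid=26(postgres) groups=...

-- 3. The boundary that does exist: an ordinary role is refused, even with
--    INSERT on the target table, because the program check is a role check.
CREATE ROLE app_user LOGIN;
GRANT INSERT, SELECT ON prog_out TO app_user;
SET ROLE app_user;
COPY prog_out FROM PROGRAM 'id';   -- ERROR: must be superuser or a member of
                                   -- the pg_execute_server_program role ...
RESET ROLE;

-- 4. Membership in pg_execute_server_program hands out the same OS-level
--    access as superuser does, so grant it as deliberately as you would
--    grant SUPERUSER, and include it in the audit in step 1.
GRANT pg_execute_server_program TO app_user;
SET ROLE app_user;
COPY prog_out FROM PROGRAM 'id';   -- now succeeds: app_user runs commands as
                                   -- the server's OS user
RESET ROLE;

-- Cleanup of the demonstration objects.
DROP TABLE prog_out;
DROP ROLE app_user;
```

The useful check for a practitioner is the query in step 1, run periodically: every row it returns is a database principal with the ability to execute arbitrary commands as the server's OS user, which is the access the thread says superusers are expected to have. There is no server setting that takes that ability away from a superuser; the control is not to hand out superuser or pg_execute_server_program membership to roles that only need SQL.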



