Re: CVE-2019-9193 about COPY FROM/TO PROGRAM

From: Andres Freund
Subject: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
Date:
Msg-id: 20190402153125.zku2f26kuzfq5gsz@alap3.anarazel.de
In reply to: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Brad Nicholson")
Responses: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander)
Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Jeff Janes)
List: pgsql-general


Hi,

On 2019-04-02 07:35:02 -0500, Brad Nicholson wrote:
> Michael Paquier <> wrote on 04/02/2019 01:05:01 AM:
> 
> > On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote:
> > > +1, though I'd want to see if people get noisier about it before we
> > > rule out an official response.
> > >
> > > A blog post from a reputable author who can speak to security should
> > > be good enough and we can make noise through our various channels.
> >
> > Need a hand?  Not sure if I am reputable enough though :)
> >
> > By the way, it could be the occasion to consider an official
> > PostgreSQL blog on the main website.  News are not really a model
> > adapted for problem analysis and for entering into technical details.
> 
> A blog post would be nice, but it seems to me that having something about
> this clearly in the manual would be best, assuming it's not there already.
> I took a quick look, and couldn't find anything.

https://www.postgresql.org/docs/devel/sql-copy.html

"Note that the command is invoked by the shell, so if you need to pass
any arguments to a shell command that come from an untrusted source, you
must be careful to strip or escape any special characters that might
have a special meaning for the shell. For security reasons, it is best
to use a fixed command string, or at least avoid passing any user input
in it."

"Similarly, the command specified with PROGRAM is executed directly by
the server, not by the client application, and must be executable by the
PostgreSQL user. COPY naming a file or command is only allowed to
database superusers or users who are granted one of the default roles
pg_read_server_files, pg_write_server_files, or
pg_execute_server_program, since it allows reading or writing any file
or running a program that the server has privileges to access."

Those seem reasonable to me?

Greetings,

Andres Freund
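An added example, not part of the thread or of the PostgreSQL project: an audit query over the system catalogs that lists the login roles able to use COPY ... TO/FROM PROGRAM or server-side files, following the rule in the documentation quoted above (superusers plus members of the three default roles). It assumes PostgreSQL 11 or later, where those default roles exist.

```sql
-- Audit query (constructed example): which login roles can make the server
-- run COPY ... PROGRAM or touch files on the server host?  Per the docs,
-- that is any superuser plus any member, direct or inherited, of the
-- default roles pg_execute_server_program, pg_read_server_files and
-- pg_write_server_files.  pg_has_role(..., 'MEMBER') follows inherited
-- membership, so roles granted through an intermediate group are caught.
SELECT r.rolname,
       r.rolsuper,
       pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER') AS can_run_program,
       pg_has_role(r.oid, 'pg_read_server_files',      'MEMBER') AS can_read_files,
       pg_has_role(r.oid, 'pg_write_server_files',     'MEMBER') AS can_write_files
FROM pg_roles AS r
WHERE r.rolcanlogin
  AND (r.rolsuper
       OR pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER')
       OR pg_has_role(r.oid, 'pg_read_server_files',      'MEMBER')
       OR pg_has_role(r.oid, 'pg_write_server_files',     'MEMBER'))
ORDER BY r.rolsuper DESC, r.rolname;
```

Every role the query returns can run commands as the PostgreSQL operating-system user, so treat membership in these default roles as equivalent to superuser when reviewing grants.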
