Re: Building PostgreSQL old version from source to test vulnerability CVE-2017-7546

Поиск
Список
Период
Сортировка
От Julián Jiménez González
Тема Re: Building PostgreSQL old version from source to test vulnerability CVE-2017-7546
Дата
Msg-id CAANxhj+zzJ65=qmuHF1eeQKcRnM_PdOythEi+3udHE-uF9R9JQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Building PostgreSQL old version from source to testvulnerability CVE-2017-7546  (Christoph Berg <myon@debian.org>)
Список pgsql-general
Дерево обсуждения
Thanks for your answer Christoph. I've tried to do that but I can't debug it inside GDB. I configured like so:

CFLAGS="-O0 -g" ./configure --enable-debug

As I found suggested in a SO thread. Then made and installed, and when I launch gdb either like

gdb --args /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data

or starting it normally and then attaching GDB (having found the PID with a select pg_backend_pid() ):

gdb -p <PID>

I can't get to set a breakpoint in crypt.c, for example. It theoretically loaded debugging symbols, but I can't find the .c files inside the src/ from where I built Postgres. If I try to add them:

(gdb) add-symbol-file software/postgres_dec6e47/src/backend/libpq/crypt.c
The address where software/postgres_dec6e47/src/backend/libpq/crypt.c has been loaded is missing

I suspect this has something to do with postgres having to be launched with user postgres, while gdb not, besides installing it from my normal user and not postgres. When trying to build it with postgres user, it basically complains about it not being in sudoers.

On the other hand, I tried to set up logging and I did not get any further info.

Thanks.


logo_170x100px.png

Julián Jiménez González

Investigador - Desarrollador | Área de Servicios y Aplicaciones

Researcher - Developer | Services & Applications Department

Ph. (+34) 986 120 430  Ext. 3021
jjimenez@gradiant.org  |  www.gradiant.org

Iconos Redes Sociales GRD Firma email-01  Iconos Redes Sociales GRD Firma email-02  Iconos Redes Sociales GRD Firma email-03  Iconos Redes Sociales GRD Firma email-04

Take care of the environment. Try not to print this email.
The information contained in this email message may be confidential information, and may also be the subject of legal professional privilege. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorized and prohibited. Please inform us immediately and destroy the email. Thank you for your cooperation.



2018-02-22 10:55 GMT+01:00 Christoph Berg <myon@debian.org>:
Re: Julián Jiménez González 2018-02-21 <CAANxhjKZKWh-Rfdh=OvUPOmobKiSm54j9MdACeKOV=y_iiaHtw@mail.gmail.com>
> I need and would greatly appreciate any help tracking this problem down.

I'd try setting gdb breakpoints on the relevant code lines/functions.

If it helps, old Ubuntu packages are available there:
http://atalia.postgresql.org/morgue/
https://wiki.postgresql.org/wiki/Apt/FAQ#Where_are_older_versions_of_the_packages.3F

Christoph

В списке pgsql-general по дате отправления:

Предыдущее
От: Christoph Berg
Дата:
Сообщение: Re: Building PostgreSQL old version from source to testvulnerability CVE-2017-7546
Следующее
От: David Steele
Дата:
Сообщение: Re: initdb when data/ folder has mount points