Re: Why does Postgres need the /bin/sh?

From Stephen Amadei
Subject Re: Why does Postgres need the /bin/sh?
Date
Msg-id Pine.LNX.4.44.0205042133180.11954-100000@rastaban.dandy.net
In reply to Re: Why does Postgres need the /bin/sh?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
On Sat, 4 May 2002, Tom Lane wrote:

> Stephen Amadei <amadei@dandy.net> writes:
> > However, if someone was to know that Postgres needs a /bin/rm, an exploit
> > could be created that runs /bin/rm instead of /bin/sh and trashes the
> > databases postgres owns.  Of course, this is a big IF.  ;-)
>
> The attacker won't be able to do any of this unless he's already managed
> to connect to the database, no?

Besides dbcommands.c, I have not looked over any Postgres code, so I
cannot be certain of what happens between socket connection and
authentication.  I'm just paranoid.  ;-)

> There are much easier ways to zap your
> data at the SQL level.

This assumes the user authenticated.  If the user authenticates, I
couldn't care less if they trash their own database via SQL.

> Sorry but I'm having a hard time getting excited
> about this proposition...

I don't blame you... it looks hard to do.  Maybe I'll try it later if I
get the time... for now I'm trying to wring out the last bugs of the
fork/execl change.

                    ----Steve
Stephen Amadei
Dandy.NET!  CTO
Atlantic City, NJ
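The fork/execl change Steve mentions, as an added C example that is not from the thread or from PostgreSQL's own dbcommands.c: the shell-mediated removal (which is what makes /bin/sh a dependency) beside the direct-exec form, which drops the shell but still needs an external /bin/rm. It assumes a POSIX system; the function names and the /tmp demo directory are my own.

```c
/* Added example, not PostgreSQL code: why spawning a shell creates a
 * /bin/sh dependency, and what fork/exec of /bin/rm changes. The
 * direct-exec form still depends on an external /bin/rm binary. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Shell-mediated: the path is spliced into a command line that /bin/sh
 * parses, so a quote character in the path breaks the command. */
int rmtree_via_shell(const char *dir)
{
    char cmd[4096];
    if (snprintf(cmd, sizeof cmd, "rm -rf '%s'", dir) >= (int) sizeof cmd)
        return -1;
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Direct exec: the path is one argv element that no shell interprets;
 * only /bin/rm (absolute path, no PATH lookup) must exist. */
int rmtree_via_exec(const char *dir)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "rm", "-rf", "--", (char *) dir, NULL };
        execv("/bin/rm", argv);
        _exit(127);               /* exec failed, e.g. /bin/rm missing */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Demo helper: creates /tmp/<prefix><pid> with one subdirectory; 0 on success. */
int make_demo_dir(char *buf, size_t n, const char *prefix)
{
    char sub[4200];
    if (snprintf(buf, n, "/tmp/%s%ld", prefix, (long) getpid()) >= (int) n)
        return -1;
    if (mkdir(buf, 0700) != 0)
        return -1;
    snprintf(sub, sizeof sub, "%s/base", buf);
    return mkdir(sub, 0700);
}
```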
