Matthias Schmitt <freak001@mmp.lu> writes:
> this night we discovered here a strange behaviour on our servers. Somebody
> managed to get access to the UNIX shell using the 'postgres' db
> administrator account. He logged in some machines with a single try !
Ugh. Depressing news, if accurate. But you should not rule out the
possibility that the security failure was elsewhere.
What version of Postgres are you running? (6.4 and later are inherently
more secure than prior releases, since they don't do an exec() while
forking a backend server process.)
After a few minutes' thought, the only attack paths that come to mind
require access to postgres superuser rights. (For example, "COPY TO
filename" could potentially overwrite any file writable by the postgres
userid, but that operation is only allowed to a database user who's
logged in as the postgres superuser.) Do you have access permissions
set up to ensure that an unguessable password must be supplied to
log into Postgres as superuser?
As a short-term defense until you know exactly what happened, I'd
suggest modifying Postgres' pg_hba.conf file to restrict access
as much as possible. In particular the Postgres superuser should
only be allowed to log in from trustworthy local machines.
regards, tom lane
