Re: logfile subprocess and Fancy File Functions - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: logfile subprocess and Fancy File Functions
Date
Msg-id 200407241655.i6OGtEp13717@candle.pha.pa.us
In response to Re: logfile subprocess and Fancy File Functions  (Andrew Dunstan <andrew@dunslane.net>)
List pgsql-patches
Andrew Dunstan wrote:
>
>
> Bruce Momjian wrote:
>
> >As a super-user, could an attacker load a server-side language and
> >access the backend environment variable PGDATA?
> >
> >
>
> plperl won't do it, but plperlu will (as expected I guess). But the
> superuser will have to jump through some explicit hoops in order to get
> there, which is different from providing such facilities out of the box.

I am thinking they could easily use pgtcl.  I don't think the hoops are
very high.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
