Re: Bugtraq: Having Fun With PostgreSQL - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Bugtraq: Having Fun With PostgreSQL
Date
Msg-id 20070626213021.GJ7531@tamriel.snowman.net
Whole thread Raw
In response to Re: Bugtraq: Having Fun With PostgreSQL  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Gregory Stark <stark@enterprisedb.com> writes:
> > All that really has to happen is that dblink should by default not be
> > callable by any user other than Postgres.
>
> Yeah, that is not an unreasonable change.  Someone suggested it far
> upthread, but we seem to have gotten distracted :-(

Indeed, I know I did, though I think there were others also. :)

> > The only problem with this is that dblink provides 36 different functions
>
> I think just having the install script revoke public execute access
> on the connection-establishing functions would be sufficient.  There
> are only two of 'em.

Agreed.  We might want to mention this issue in the documentation
somewhere also, though I'm not really sure where. :/  Basically:

"Be very careful with functions which allow a user to make a remote
connection (eg: dblink).  When ident is used as an authentication
mechanism it may be possible for a regular user to gain superuser
priviledges.  Functions run in the database backend, which runs as
the OS user the backend was started under.  Therefore, connections from
the database backend will be authenticated as the OS user the backend
was started under would be- which using ident generally means a
password-less connection to the database superuser account by means of a
local filesystem socket."
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: Greg Smith
Date:
Subject: Re: Bgwriter LRU cleaning: we've been going at this all wrong
Next
From: Gregory Stark
Date:
Subject: Re: Bugtraq: Having Fun With PostgreSQL