On Mon, Mar 16, 2009 at 08:50:36PM -0400, Tom Lane wrote:
> Heikki Linnakangas <heikki.linnakangas@enterprisedb.com> writes:
> > Hmm, I wonder if you could do something malicious with it.
>
> There are any number of scenarios where exposing the client command-line
> contents to other database users represents a security hole, quite
> independently of whether anything falls over depending on the line
> contents. (I wonder whether there are any Oracle clients that accept
> a password on the command line, for instance.)
Note that you're talking about the whole command line, whereas oracle
apparently talks about the "program name" (argv[0]). Normally the
commandline in memory has NUL characters between the arguments, with
the part to the first NUL being the program name, like so:
# cat /proc/3793/cmdline |hexdump -C
00000000 2f 73 62 69 6e 2f 64 68 63 6c 69 65 6e 74 00 2d |/sbin/dhclient.-|
00000010 31 00 2d 6c 66 00 2f 76 61 72 2f 6c 69 62 2f 64 |1.-lf./var/lib/d| ^^ ^^
Whereas postgresql, in munging it's command line uses *spaces* between
each bit, meaning that anyone looking for the "program name" (argv[0])
is going to get the whole line. Example:
# cat /proc/4472/cmdline |hexdump -C
00000000 70 6f 73 74 67 72 65 73 3a 20 77 72 69 74 65 72 |postgres: writer|
00000010 20 70 72 6f 63 65 73 73 20 20 20 00 00 00 00 00 | process .....| ^^ ^^ ^^
Maybe someone could check if replacing the first space with a NUL
works. It shouldn't effect the ps output.
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.