Home > mailing lists

Re: Feature Request on Extensions - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: Feature Request on Extensions
Date	August 20, 2013 02:42:59
Msg-id	20130819234250.GF9087@momjian.us Whole thread Raw
In response to	Re: Feature Request on Extensions (Dimitri Fontaine <dimitri@2ndQuadrant.fr>)
List	pgsql-hackers

Tree view

On Mon, Aug 19, 2013 at 11:44:36PM +0200, Dimitri Fontaine wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > That's pretty vague.  Exactly what does "keys to the kingdom" mean?  If
> > it means you can do anything to the database, you are right.  If it
> > means executing arbitrary code, including arbitrary kernel calls, I
> > would like to hear how that is done.   
> 
> You've now heard about one way to do that in an off-list email, so that
> it's not in our public archives for any malicious user to find it.

Yes, agreed.  FYI, the method I listed above is public and was
discovered on an exploit website.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + It's impossible for everything to be true. +

pgsql-hackers by date:

From: Tom Lane
Date: 20 August 2013, 02:41:22
Subject: Re: danger of stats_temp_directory = /dev/shm

From: Stephen Frost
Date: 20 August 2013, 03:16:08
Subject: Re: ALTER SYSTEM SET command to change postgresql.conf parameters (RE: Proposal for Allow postgresql.conf values to be changed via SQL [review])

Re: Feature Request on Extensions - Mailing list pgsql-hackers

Previous

Next