Re: Proposal: template-ify (binary) extensions - Mailing list pgsql-hackers

From Markus Wanner
Subject Re: Proposal: template-ify (binary) extensions
Date
Msg-id 51ECDBA1.7010508@bluegap.ch
Whole thread Raw
In response to Re: Proposal: template-ify (binary) extensions  (Hannu Krosing <hannu@2ndQuadrant.com>)
List pgsql-hackers
On 07/22/2013 12:11 AM, Hannu Krosing wrote:
>> Dropping this barrier by installing an untrusted PL (or equally insecure
>> extensions), an attacker with superuser rights can trivially gain
>> root.
> Could you elaborate ?
> 
> This is equivalent to claiming that any linux user can trivially gain root.

Uh. Sorry, you're of course right, the attacker can only gain postgres
rights in that case. Thanks for correcting.

The point still holds. It's another layer that an attacker would have to
overcome.

>>> You already mentioned untrusted PL languages, and I don't see any
>>> difference in between offering PL/pythonu and PL/C on security grounds,
>>> really.
>> I agree. However, this also means that any kind of solution it offers is
>> not a good one for the security conscious sysadmin.
> This is usually the case with a "security conscious sysadmin" - they very
> seldom want to install anything.

Exactly. That's why I'm favoring solutions that don't require any
extension and keep the guarantee of preventing arbitrary native code.

Regards

Markus Wanner



pgsql-hackers by date:

Previous
From: Craig Ringer
Date:
Subject: Re: Wal sync odirect
Next
From: Kyotaro HORIGUCHI
Date:
Subject: Re: Reduce maximum error in tuples estimation after vacuum.