Thread: Shell Commands
Greetings.
OK, so I am going to ask a bad question, but hey, here goes:
In MSSql it is possible to run Shell commands from within Sql via any interface (suchg as JDBC) using mechanism MSSql provides....
Is this possiible in POSTGRESql? I know it is a security hole (through which many MS Servers are exploited), but was just wondering!
Anyway, thanks in advance,
Carl Olivier
On Thu, 6 Mar 2003, Carl Olivier wrote:
> OK, so I am going to ask a bad question, but hey, here goes:
>
> In MSSql it is possible to run Shell commands from within Sql via any
> interface (suchg as JDBC) using mechanism MSSql provides....
>
> Is this possiible in POSTGRESql? I know it is a security hole (through
> which many MS Servers are exploited), but was just wondering!
>
> Anyway, thanks in advance,
Could be easiest with plperlu (you need perl and plperl compiled
& installed, though):
# createlang plperlu
and after that
create or replace function do_readpipe(text) returns text as '
my $command = shift;
return `$command`;
'
language 'plperlu';
create or replace function do_shell(text) returns int as '
my $command = shift;
return system $command;
'
language 'plperlu';
select do_readpipe('cat /etc/passwd|grep root| cut -f 1-5 -d :');
do_readpipe
-----------------
root:x:0:0:root
(1 row)
ilmo=# select do_shell('echo "Hello World"|mailx antti.haapala@iki.fi');
do_shell
----------
0
(1 row)
Latter worked as expected.
--
Antti Haapala
+358 50 369 3535
ICQ: #177673735
Fortunately, NO! 3/6/2003 7:21:20 AM, "Carl Olivier" <carl@zero-one.co.za> wrote: > > > From: "Carl Olivier" <carl@zero-one.co.za> > > To: <pgsql-general@postgresql.org> > Subject:[GENERAL] Shell Commands > Date: Thu, 6 Mar 2003 17:21:20 +0200 > > > > Greetings. > > OK, so I am going to ask a bad question, but hey, here goes: > > In MSSql it is possible to run Shell commands from within Sql via any > interface (suchg as JDBC) using mechanism MSSql provides.... > > Is this possiible in POSTGRESql? I know it is a security hole (through > which many MS Servers are exploited), but was just wondering! > > Anyway, thanks in advance, > > Carl Olivier >
By default, no. But you can add that functionality if you really need it. You can either pass shell commands through one of the untrusted languages (plperlu as one person suggested) or through this PL which specifically allows you to run shell commands: http://webmail.postgresql.org/~petere/plsh.html That said, shell commands will only be executed with the permissions of the user running PostgreSQL (in most cases "postgres"). Greg ----- Original Message ----- From: "Carl Olivier" <carl@zero-one.co.za> To: <pgsql-general@postgresql.org> Sent: Thursday, March 06, 2003 10:21 AM Subject: [GENERAL] Shell Commands > Greetings. > > OK, so I am going to ask a bad question, but hey, here goes: > > In MSSql it is possible to run Shell commands from within Sql via any > interface (suchg as JDBC) using mechanism MSSql provides.... > > Is this possiible in POSTGRESql? I know it is a security hole (through > which many MS Servers are exploited), but was just wondering! > > Anyway, thanks in advance, > > Carl Olivier > >
On Thu, 6 Mar 2003, Antti Haapala wrote: > On Thu, 6 Mar 2003, Carl Olivier wrote: > > > Is this possiible in POSTGRESql? I know it is a security hole (through > > which many MS Servers are exploited), but was just wondering! > > > > Anyway, thanks in advance, > > Could be easiest with plperlu (you need perl and plperl compiled > & installed, though): > > # createlang plperlu Of course this needs to be done as db superuser. -- Antti Haapala