Thread: postgresql-contrib risks?

postgresql-contrib risks?

From
Andre Felipe Machado
Date:
Hello,
My hosting provider is unwilling to install postgresql-contrib package,
fearing that it will negatively impact other users, brake their sites, or
security flaws and so on.
Are there any risks involved?
I need pgcrypto digest function. Is there a "no risk" install procedure.
If he installs only the pgcrypto, not the whole contrib package, are there
risks remaining?
Regards.
Andre Felipe

Re: postgresql-contrib risks?

From
Martijn van Oosterhout
Date:
Generally, the stuff in pgcontrib, when installed, only affect a single
database. Any external C code is implemented as shared libraries and is
loaded on demand. For databases not configured, they won't even see
them.

As for security risks, this is the only real issue. The code is not in
the main server and so may not have been checked as thoroughly. The
pgcrypto module is (AFAIK) just a group of standard algorithms so I'd
be surprised if there were any issues there.

One question though, if you are granted filesystem access to the
server, there's no reason why you couldn't just get the pgcrypto module
in your home directory and load it into the server yourself. I think
all you need is superuser access to your database to loaded untrusted
modules...

Hope this helps,

On Thu, Jan 06, 2005 at 01:28:18PM +0000, Andre Felipe Machado wrote:
> Hello,
> My hosting provider is unwilling to install postgresql-contrib package,
> fearing that it will negatively impact other users, brake their sites, or
> security flaws and so on.
> Are there any risks involved?
> I need pgcrypto digest function. Is there a "no risk" install procedure.
> If he installs only the pgcrypto, not the whole contrib package, are there
> risks remaining?
> Regards.
> Andre Felipe
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
>                http://archives.postgresql.org

--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.

Attachment

Re: postgresql-contrib risks?

From
Bruno Wolff III
Date:
On Thu, Jan 06, 2005 at 15:09:54 +0100,
  Martijn van Oosterhout <kleptog@svana.org> wrote:
>
> One question though, if you are granted filesystem access to the
> server, there's no reason why you couldn't just get the pgcrypto module
> in your home directory and load it into the server yourself. I think
> all you need is superuser access to your database to loaded untrusted
> modules...

Hopefully his provider doesn't let people install functions written in
untrusted languages. pgcrypto uses C functions and he will probably need
his provider to load it for him.

If there is some trusted language installed that he has access to, he may
be able to create a function in that language that does what he wants.
He doesn't need file system access to do that.