Thread: Postgres syscalls
Hello I'm an Italian student of computer science at
University of Rome "La Sapienza". I've to analyze some
daemons which run under root privileges with a tool
developed by my departement. This tool intercepts
critical syscalls, like Execve, and blocks illegal
invocation of that primitives (E.g. Execve("/bin/sh"))
performed by a daemon which runs under root
privileges. This approach blocks buffer overflow
attacks before they can complete (or I hope so). Now,
the problem is that postgres doesn' t run under root
privileges and that the tool intercepts only the
syscalls invoked by a process with root privileges. Is
possible to force postgres to run under root
privileges? How can be done? I know my request is
anomalous but i've to do this for my laboratory
project course. I should be very grateful if you'll
answer as soon as possible.
Thank you.
Diego Talucci
______________________________________________________________________
Yahoo! Foto: salva, ritocca, condividi e ordina stampe professionali
http://it.yahoo.com/mail_it/foot/?http://it.photos.yahoo.com
On Fri, 13 Dec 2002, [iso-8859-1] Diego T. wrote:
> Hello I'm an Italian student of computer science at
> University of Rome "La Sapienza". I've to analyze some
> daemons which run under root privileges with a tool
> developed by my departement. This tool intercepts
> critical syscalls, like Execve, and blocks illegal
> invocation of that primitives (E.g. Execve("/bin/sh"))
> performed by a daemon which runs under root
> privileges. This approach blocks buffer overflow
> attacks before they can complete (or I hope so). Now,
> the problem is that postgres doesn' t run under root
> privileges and that the tool intercepts only the
> syscalls invoked by a process with root privileges. Is
> possible to force postgres to run under root
> privileges? How can be done? I know my request is
> anomalous but i've to do this for my laboratory
> project course. I should be very grateful if you'll
> answer as soon as possible.
You could probably just hack out the checks in main/main.c
and recompile, but postgres does call system and such to do
things (like create databases) so I'm not sure it'd be terribly
useful for you.
On 12 Dec 2002 at 16:09, Stephan Szabo wrote:
>
> On Fri, 13 Dec 2002, [iso-8859-1] Diego T. wrote:
>
> > Hello I'm an Italian student of computer science at
> > University of Rome "La Sapienza". I've to analyze some
> > daemons which run under root privileges with a tool
> > developed by my departement. This tool intercepts
> > critical syscalls, like Execve, and blocks illegal
> > invocation of that primitives (E.g. Execve("/bin/sh"))
> > performed by a daemon which runs under root
> > privileges. This approach blocks buffer overflow
> > attacks before they can complete (or I hope so). Now,
OK..
> > the problem is that postgres doesn' t run under root
> > privileges and that the tool intercepts only the
> > syscalls invoked by a process with root privileges. Is
> > possible to force postgres to run under root
> You could probably just hack out the checks in main/main.c
> and recompile, but postgres does call system and such to do
> things (like create databases) so I'm not sure it'd be terribly
> useful for you.
I agree. Not running root is a god idea from secutiry point of view. That way
any buffer overflow attacks would be half dead as it is.
Secondly In my understanding, buffer overflow attacks can be stopped very
effectivelyif compiler has stack smashing patches. ( Or is it kernel as well?)
And do look at strace. I feel you are shooting at same target..
HTH
ByeShridhar
--
Grinnell's Law of Labor Laxity: At all times, for any task, you have not got
enough done today.