On Mon, Mar 16, 2009 at 08:50:36PM -0400, Tom Lane wrote: > Heikki Linnakangas <[email protected]> writes: > > Hmm, I wonder if you could do something malicious with it. > > There are any number of scenarios where exposing the client command-line > contents to other database users represents a security hole, quite > independently of whether anything falls over depending on the line > contents. (I wonder whether there are any Oracle clients that accept > a password on the command line, for instance.)
Note that you're talking about the whole command line, whereas oracle
apparently talks about the "program name" (argv[0]). Normally the
commandline in memory has NUL characters between the arguments, with
the part to the first NUL being the program name, like so:
# cat /proc/3793/cmdline |hexdump -C
00000000 2f 73 62 69 6e 2f 64 68 63 6c 69 65 6e 74 00 2d |/sbin/dhclient.-|
00000010 31 00 2d 6c 66 00 2f 76 61 72 2f 6c 69 62 2f 64 |1.-lf./var/lib/d|
^^ ^^
Whereas postgresql, in munging it's command line uses *spaces* between
each bit, meaning that anyone looking for the "program name" (argv[0])
is going to get the whole line. Example:
# cat /proc/4472/cmdline |hexdump -C
00000000 70 6f 73 74 67 72 65 73 3a 20 77 72 69 74 65 72 |postgres: writer|
00000010 20 70 72 6f 63 65 73 73 20 20 20 00 00 00 00 00 | process .....|
^^ ^^ ^^
Maybe someone could check if replacing the first space with a NUL
works. It shouldn't effect the ps output.
Have a nice day,
--
Martijn van Oosterhout <[email protected]> http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.
signature.asc
Description: Digital signature
