On Tue, 30 Jul 2002, Lamar Owen wrote: > On Tuesday 30 July 2002 02:34 pm, Tom Lane wrote: > > > Who said anything about poisoning the environment? My point was that > > there will be strings in the environment that were put there perfectly > > legitimately, but could still serve as an attack vehicle. > > I said it. In any case, using strings that are in the environment > requires an untrusted PL, or a C function.
Ah. See, we already have a failure in a security analysis here. This command: CREATE DATABASE foo WITH LOCATION = 'BAR' uses a string that's in the environment. > Regardless, if such a hole was exploited the only security risk to > the system at large is that posed by the postgres user, which, IMHO, > shouldn't even have write access to its own executables. So what you're saying is that we should make the opportunity for people to configure the system in an insecure manner? Configuration errors by administrators are probably the number one cause of security breaches, you know. > I wouldn't mind seeing an example of such an exploit, for > educational purposes. I don't have one. But consider a couple of possibilities: 1. The exploit can't exist until someone adds more code to postgres. So maybe it doesn't exist in 7.3, but will appear in 7.4. 2. The exploit is there, but nobody has figured it out yet. The recent BIND resolver library vulnerability has been in that code for at least ten years, but it was only last month that someone figured out that it was even there, much less how to exploit it. I've been securing systems since I started an ISP in 1995, and so I've seen a lot of security vulnerabilities come and go, and I've got a bit of a feel for what kinds of things are typically exploited. And this one one just screams, "potential security vulnerability!" to me. cjs -- Curt Sampson <[EMAIL PROTECTED]> +81 90 7737 2974 http://www.netbsd.org Don't you know, in this new Dark Age, we're all light. --XTC ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster