On 03/03/2014 02:00 AM, Tom Lane wrote:
Josh Berkus <j...@agliodbs.com> writes:
The only way I can see this being of real use to an attacker is if they
could use this exploit to create a wormed version of PostgresQL on the
target build system. Is that possible?
It's theoretically possible, since having broken into the build user's
account they could modify the already-built-but-not-yet-packaged PG
executables.
Having said that, though, I concur with the feeling that this probably
isn't a useful exploit in practice. On Red Hat's build systems, for
example, different packages are built in different chroots. So even if
a malicious package is being built concurrently, it could not reach the
postmaster's socket. A breakin would only be possible for somebody who
had outside-the-chroots control of the build machine ... in which case
they can hack pretty much any built package pretty much any way they
want, without need for anything as fiddly as this.
Other vendors might do things differently, but it still seems likely
that there would be easier exploits available to anyone who's managed
to get control on a machine used for package building.
I'm less worried about vendor build systems and more about roll your own
systems like Gentoo, FreeBSD ports, and Homebrew.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
