Quick Links

Re: Privilege escalation via LOAD

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	John Heasman <john(at)ngssoftware(dot)com>
Cc:	pgsql-bugs(at)postgresql(dot)org, dl-advisories(at)ngssoftware(dot)com
Subject:	Re: Privilege escalation via LOAD
Date:	2005-01-24 16:05:20
Message-ID:	21745.1106582720@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

John Heasman <john(at)ngssoftware(dot)com> writes:
> It appears that low privileged users can invoke the LOAD extension to load
> arbitrary libraries into the postgres process space.

Hmm. Creating C functions is restricted to superusers, but I guess no
one ever noticed that LOAD isn't. On a platform where that can execute
initialization functions this does seem like a security issue.

regards, tom lane

In response to

Privilege escalation via LOAD at 2005-01-21 19:08:44 from John Heasman

Responses

Re: Privilege escalation via LOAD at 2005-01-24 16:34:04 from Peter Eisentraut

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Tom Lane	2005-01-24 16:16:54	Re: 8.0.0 gmake check fails if on disk, passes on ram disk....
Previous Message	Jeff Ross	2005-01-24 16:03:04	Re: 8.0.0 gmake check fails if on disk, passes on ram disk....