Return-Path: pg_adm@postgres.berkeley.edu
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA10503; Wed, 13 May 92 03:35:52 -0700
Message-Id: <9205131035.AA10503@postgres.Berkeley.EDU>
From: schoenw@ibr.cs.tu-bs.de (Juergen Schoenwaelder)
Subject: security & dynamic loader
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
To: postgres@postgres.berkeley.edu (Postgres Mailing List)
Date: Wed, 13 May 92 11:32:23 MET DST

Hi!

I just found another security problem in postgres. Using the
dynamic loader one can write an adt the performs something like
system("xterm") and you will get a shell under postgres rights.
The dynamic loader links everything that is readable.

I just put some code in the dynamic loader, so that the .o
files must be owned by the backend himself. But this is not an
optimal solution since everyone developing an adt must install
it under postgres rights.

Any suggestions?

						Juergen

---
Juergen Schoenwaelder   (schoenw@ibr.cs.tu-bs.de)
Technische Universitaet Braunschweig, Inst. f. Betriebssysteme & Rechnerverbund
Bueltenweg 74/75,  3300 Braunschweig, Germany, Tel. +49 531 / 391-3249