Why are absolute paths considered a security risk?

Started by Hadley Willan, about 23 years ago, 3 messages, general
#1 Hadley Willan
hadley.willan@deeperdesign.co.nz

The documentation (7.2.1) mentions that allowing absolute paths when
creating a db is a security risk and is off by default.

However, it seems fairly hard to exploit, and I was wondering if anybody
has any examples of how much of a risk this is?

Reason I ask is we're considering turning them on in our server and want
to consider these risks.

Thank You.
--
Hadley Willan > Systems Development > Deeper Design Limited. +64(7)377-3328
hadley.willan@deeperdesign.co.nz > www.deeperdesign.com > +64(21)-28-41-463
Level 1, 4 Tamamutu St, PO Box 90, TAUPO 2730, New Zealand.

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Hadley Willan (#1)
Re: Why are absolute paths considered a security risk?

Hadley Willan <hadley.willan@deeperdesign.co.nz> writes:

> The documentation (7.2.1) mentions that allowing absolute paths when
> creating a db is a security risk and is off by default.
> However, it seems fairly hard to exploit, and I was wondering if anybody
> has any examples of how much of a risk this is?
> Reason I ask is we're considering turning them on in our server and want
> to consider these risks.

The difficulty is that someone who is allowed to create databases (but
isn't necessarily a superuser) will be able to cause the backend to
scribble in any directory that the postgres user has write access to.
The potential damage is somewhat limited since "base/DBOID" gets tacked
onto the user-specified string, and the user has little if any control
over the DBOID part. Still, it's a risk.

regards, tom lane
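
A defender-side sketch of the behaviour described in the reply above, added here and not part of the original thread or of PostgreSQL's code: it models the resulting directory as the user-supplied location with "base/DBOID" appended and checks it against an approved list before a location is accepted. The function names, sample paths, approved root and OID are constructed assumptions.

```python
import posixpath


def resulting_dir(location, dboid):
    """Directory the backend would populate: '<location>/base/<DBOID>'."""
    if not posixpath.isabs(location):
        raise ValueError("this check only covers absolute locations")
    # normpath collapses '..' and '//' so the comparison sees the real target.
    # Symlinks are NOT resolved here; do that on the server itself if needed.
    return posixpath.join(posixpath.normpath(location), "base", str(dboid))


def is_under(path, root):
    """True if path is root or lies beneath it, compared per path component."""
    root = posixpath.normpath(root)
    # A plain string-prefix test would wrongly accept '/srv/pgdata_alternate'.
    return posixpath.commonpath([path, root]) == root


def review(location, dboid, approved_roots):
    """Return (target directory, whether it stays inside an approved root)."""
    target = resulting_dir(location, dboid)
    return target, any(is_under(target, r) for r in approved_roots)


# Constructed sample values, not taken from the thread.
APPROVED = ["/srv/pgdata_alt"]
SAMPLES = [
    "/srv/pgdata_alt/projects",             # inside the approved root
    "/srv/pgdata_alt/../../home/postgres",  # '..' escapes the root
    "/srv/pgdata_alternate",                # shares only a string prefix
    "/tmp",                                 # unrelated writable directory
]


def run_samples(dboid=16556):
    return [review(loc, dboid, APPROVED) for loc in SAMPLES]


if __name__ == "__main__":
    for target, ok in run_samples():
        print(("ok      " if ok else "REJECT  ") + target)
```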

#3 Hadley Willan
hadley.willan@deeperdesign.co.nz
In reply to: Tom Lane (#2)
Re: Why are absolute paths considered a security risk?

Okay, this is fairly minor, and in our situation non-existent
considering that the only user capable of creating databases is
postgres.

Thanks for your help.

Hadley

On Wed, 2003-02-26 at 13:31, Tom Lane wrote:

> Hadley Willan <hadley.willan@deeperdesign.co.nz> writes:
>
> > The documentation (7.2.1) mentions that allowing absolute paths when
> > creating a db is a security risk and is off by default.
> > However, it seems fairly hard to exploit, and I was wondering if anybody
> > has any examples of how much of a risk this is?
> > Reason I ask is we're considering turning them on in our server and want
> > to consider these risks.
>
> The difficulty is that someone who is allowed to create databases (but
> isn't necessarily a superuser) will be able to cause the backend to
> scribble in any directory that the postgres user has write access to.
> The potential damage is somewhat limited since "base/DBOID" gets tacked
> onto the user-specified string, and the user has little if any control
> over the DBOID part. Still, it's a risk.
>
> regards, tom lane

--
Hadley Willan > Systems Development > Deeper Design Limited. +64(7)377-3328
hadley.willan@deeperdesign.co.nz > www.deeperdesign.com > +64(21)-28-41-463
Level 1, 4 Tamamutu St, PO Box 90, TAUPO 2730, New Zealand.