Shell Commands
Greetings.
OK, so I am going to ask a bad question, but hey, here goes:
In MSSql it is possible to run Shell commands from within Sql via any
interface (suchg as JDBC) using mechanism MSSql provides....
Is this possiible in POSTGRESql? I know it is a security hole (through
which many MS Servers are exploited), but was just wondering!
Anyway, thanks in advance,
Carl Olivier
On Thu, 6 Mar 2003, Carl Olivier wrote:
OK, so I am going to ask a bad question, but hey, here goes:
In MSSql it is possible to run Shell commands from within Sql via any
interface (suchg as JDBC) using mechanism MSSql provides....Is this possiible in POSTGRESql? I know it is a security hole (through
which many MS Servers are exploited), but was just wondering!Anyway, thanks in advance,
Could be easiest with plperlu (you need perl and plperl compiled
& installed, though):
# createlang plperlu
and after that
create or replace function do_readpipe(text) returns text as '
my $command = shift;
return `$command`;
'
language 'plperlu';
create or replace function do_shell(text) returns int as '
my $command = shift;
return system $command;
'
language 'plperlu';
select do_readpipe('cat /etc/passwd|grep root| cut -f 1-5 -d :');
do_readpipe
-----------------
root:x:0:0:root
(1 row)
ilmo=# select do_shell('echo "Hello World"|mailx antti.haapala@iki.fi');
do_shell
----------
0
(1 row)
Latter worked as expected.
--
Antti Haapala
+358 50 369 3535
ICQ: #177673735
Fortunately, NO!
3/6/2003 7:21:20 AM, "Carl Olivier" <carl@zero-one.co.za> wrote:
Show quoted text
From: "Carl Olivier" <carl@zero-one.co.za>
To: <pgsql-general@postgresql.org>
Subject:[GENERAL] Shell Commands
Date: Thu, 6 Mar 2003 17:21:20 +0200Greetings.
OK, so I am going to ask a bad question, but hey, here goes:
In MSSql it is possible to run Shell commands from within Sql via any
interface (suchg as JDBC) using mechanism MSSql provides....Is this possiible in POSTGRESql? I know it is a security hole (through
which many MS Servers are exploited), but was just wondering!Anyway, thanks in advance,
Carl Olivier
By default, no. But you can add that functionality if you really need it.
You can either pass shell commands through one of the untrusted languages
(plperlu as one person suggested) or through this PL which specifically
allows you to run shell commands:
http://webmail.postgresql.org/~petere/plsh.html
That said, shell commands will only be executed with the permissions of the
user running PostgreSQL (in most cases "postgres").
Greg
----- Original Message -----
From: "Carl Olivier" <carl@zero-one.co.za>
To: <pgsql-general@postgresql.org>
Sent: Thursday, March 06, 2003 10:21 AM
Subject: [GENERAL] Shell Commands
Show quoted text
Greetings.
OK, so I am going to ask a bad question, but hey, here goes:
In MSSql it is possible to run Shell commands from within Sql via any
interface (suchg as JDBC) using mechanism MSSql provides....Is this possiible in POSTGRESql? I know it is a security hole (through
which many MS Servers are exploited), but was just wondering!Anyway, thanks in advance,
Carl Olivier
On Thu, 6 Mar 2003, Antti Haapala wrote:
On Thu, 6 Mar 2003, Carl Olivier wrote:
Is this possiible in POSTGRESql? I know it is a security hole (through
which many MS Servers are exploited), but was just wondering!Anyway, thanks in advance,
Could be easiest with plperlu (you need perl and plperl compiled
& installed, though):# createlang plperlu
Of course this needs to be done as db superuser.
--
Antti Haapala