Re: [HACKERS] MySQL vulnerability

From Tom Lane
Subject Re: [HACKERS] MySQL vulnerability
Date
Msg-id 14095.917114480@sss.pgh.pa.us
In response to MySQL vulnerability  ("Thomas G. Lockhart" <lockhart@alumni.caltech.edu>)
List pgsql-hackers

"Thomas G. Lockhart" <lockhart@alumni.caltech.edu> writes:
> I found this item on a list of security vulnerabilities:
> mysql(1114) Remote stack overflow, create world-writable root-owned
> files
> (Port 1114 is mysql's listening port). I guess Postgres doesn't have a
> vulnerability for root ownership since nothing we do is run under the
> root account, right?

Not unless someone ignores the instructions and installs it to run as
root :-(

> Are we vulnerable to stack or buffer overflows with our on the wire
> protocol?

The postmaster seems to be secure against that --- pqpacket.c will
reject oversize packets out of hand.  The backend used to have an
off-by-one bug in pq_getstr, such that an overlength query would write
one byte past the end of the query buffer, but that's been fixed (it'd
be hard to exploit anyway).  libpq is careful about this sort of
thing also, although I suspect you could force a client application
crash by sending a query response large enough to exhaust memory :-(

Of course, a bad guy who's able to get past the postmaster's
authorization checks can do you far more damage by messing up your
database than by just crashing a particular backend or client...
        regards, tom lane
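
The two checks described in the message above (rejecting an oversize packet before any of it is copied, and leaving room for the terminator when reading a string into a fixed buffer), as an added C example that is not part of the original message and is not PostgreSQL's code. The 4-byte length prefix, `MAX_PACKET` and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PACKET 8192   /* assumed limit for this example only */

/* Decode a 4-byte big-endian length prefix (assumed layout) and reject it
 * before any payload is copied. Returns the payload length, or -1 if the
 * header is short, the length is below the prefix size, or oversize. */
long packet_payload_len(const unsigned char *hdr, size_t avail)
{
    uint32_t len;

    if (avail < 4)
        return -1;
    len = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
          ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    if (len < 4 || len > MAX_PACKET)
        return -1;
    return (long)(len - 4);
}

/* Copy a NUL-terminated string from src into dst (dstsize bytes). At most
 * dstsize - 1 bytes are stored, so the terminator always lands inside dst.
 * The off-by-one form of this loop stores up to dstsize bytes and then
 * writes the terminator at dst[dstsize], one past the end.
 * Returns bytes consumed including the NUL, or -1 if src has none. */
long get_str_bounded(const unsigned char *src, size_t srclen,
                     char *dst, size_t dstsize, int *truncated)
{
    size_t i, out = 0;

    *truncated = 0;
    if (dstsize == 0)
        return -1;
    for (i = 0; i < srclen; i++) {
        if (src[i] == '\0') {
            dst[out] = '\0';
            return (long)(i + 1);
        }
        if (out < dstsize - 1)
            dst[out++] = (char)src[i];
        else
            *truncated = 1;   /* keep draining input, store nothing */
    }
    dst[out] = '\0';
    return -1;
}
```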

