FW: [ppa-dev] Severe bug in debian - phppgadmin opens up


Post by Lincoln Ye » Thu, 29 Nov 2001 19:11:58





>> ... But because we are Internet-enabled,
>> and because our insecurity is only local, it seems OK to people.

>It's not that it's "okay", it's that we haven't got any good
>alternatives.  Password auth sucks from a convenience point of view
>(or even from a possibility point of view, for scripts; don't forget
>the changes that you yourself recently applied to guarantee that a
>script *cannot* supply a password to psql).  Ident auth doesn't work,

Ack. We can't send in passwords to psql anymore? :(

Is there a safe way to send username and password to psql?

Cheerio,
Link.

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate

message can get through to the mailing list cleanly


Post by Hannu Krosi » Fri, 30 Nov 2001 00:27:16





> >> ... But because we are Internet-enabled,
> >> and because our insecurity is only local, it seems OK to people.

> >It's not that it's "okay", it's that we haven't got any good
> >alternatives.  Password auth sucks from a convenience point of view
> >(or even from a possibility point of view, for scripts; don't forget
> >the changes that you yourself recently applied to guarantee that a
> >script *cannot* supply a password to psql).  Ident auth doesn't work,

> Ack. We can't send in passwords to psql anymore? :(

> Is there a safe way to send username and password to psql?

smbclient does it via a file which must be 0600, but I don't know if
psql has anything like that.

-----------
Hannu


Post by Tom La » Fri, 30 Nov 2001 00:42:35




>> ...  Password auth sucks from a convenience point of view
>> (or even from a possibility point of view, for scripts; don't forget
>> the changes that you yourself recently applied to guarantee that a
>> script *cannot* supply a password to psql).
> Ack. We can't send in passwords to psql anymore? :(

Well, Bruce, you were the one that was hot to make that /dev/tty change.
Time to defend it.

> Is there a safe way to send username and password to psql?

If you want to put those things in a script, you could still do

        export PGUSER=whatever
        export PGPASSWORD=whatever
        psql ...

This would actually work a lot better than other ways for cases such
as doing pg_dumpall, where you'd otherwise need to supply the password
multiple times.

                        regards, tom lane


Post by Tom La » Fri, 30 Nov 2001 01:33:52



> But this way the password ends up in the environment, which on many
> systems is visible to other processes/users (via /proc or the 'ps'
> command).

Your *environment* is visible to other users?  Geez, what a broken
system ...

                        regards, tom lane


Post by Doug McNaug » Fri, 30 Nov 2001 01:37:38



> > Is there a safe way to send username and password to psql?

> If you want to put those things in a script, you could still do

>    export PGUSER=whatever
>    export PGPASSWORD=whatever
>    psql ...

But this way the password ends up in the environment, which on many
systems is visible to other processes/users (via /proc or the 'ps'
command).  Might as well use "trust"...

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
   --T. J. Jackson, 1863


Post by Zeugswetter Andreas SB S » Fri, 30 Nov 2001 02:02:18



> > But this way the password ends up in the environment, which on many
> > systems is visible to other processes/users (via /proc or the 'ps'
> > command).

> Your *environment* is visible to other users?  Geez, what a broken
> system ...

Try "ps axewww" ? Doesn't work on your platform ?
Works on AIX, Linux?, ...

Andreas


Post by Doug McNaug » Fri, 30 Nov 2001 02:12:16




> > But this way the password ends up in the environment, which on many
> > systems is visible to other processes/users (via /proc or the 'ps'
> > command).

> Your *environment* is visible to other users?  Geez, what a broken
> system ...

True on Solaris (/usr/ucb/ps -eax) at least.  Other systems too I'm
pretty sure.  I thought that Linux let you do it but I just checked
and /proc/<pid>/environ is mode 0400...

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
   --T. J. Jackson, 1863


Post by Antonio Fiol Bonn » Fri, 30 Nov 2001 02:38:34




> > > But this way the password ends up in the environment, which on many
> > > systems is visible to other processes/users (via /proc or the 'ps'
> > > command).

> > Your *environment* is visible to other users?  Geez, what a broken
> > system ...

> Try "ps axewww" ? Doesn't work on your platform ?
> Works on AIX, Linux?, ...

Linux Debian Unstable (updated 1 week ago).

For a non-root user, only her processes' environment appears.
(and /proc/*/environ permissions are 400, the user being the process owner)

For root, all processes' environment is shown.

Antonio


Post by Tom La » Fri, 30 Nov 2001 04:12:17



>> Is there a safe way to send username and password to psql?
> The standard way I know of is to use 'expect' and wrap your psql call
> around that.

Didn't you break that by making psql read the password from /dev/tty?
Or can 'expect' take control of /dev/tty?

                        regards, tom lane


Post by Tom La » Fri, 30 Nov 2001 04:57:23



> I will document the security problem with PGPASSWORD and add a TODO item
> to remove it in 7.3.  Is that OK with everyone?

I don't think we should remove it.  Documenting that using it is a
security risk on some platforms seems a good idea, however.

                        regards, tom lane


Post by Christopher Kings-Lynn » Fri, 30 Nov 2001 22:33:23


> > Try "ps axewww" ? Doesn't work on your platform ?
> > Works on AIX, Linux?, ...

> Linux Debian Unstable (updated 1 week ago).

> For a non-root user, only her processes' environment appears.
> (and /proc/*/environ permissions are 400, the user being the
> process owner)

> For root, all processes' environment is shown.

> Antonio

I've tried it on FreeBSD and it seems an unprivileged user can only see his
or her own environmental variables; it doesn't show variables for any other
user.

Chris
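
Added example, not part of any post in the thread: a shell sketch of the two permission checks discussed above, the "file which must be 0600" rule Hannu describes for smbclient and the /proc/<pid>/environ mode that Doug and Antonio inspected by hand. The function names (`perm_string`, `group_other_access`, `cred_file_ok`, `environ_exposure`) are hypothetical, and the /proc check assumes a Linux-style /proc.

```shell
#!/bin/sh
# Added example: permission checks for the two places the thread says a
# password can end up: a credentials file and a process environment.

# Print the nine permission characters of a path (e.g. "rw-------"),
# taken from the first column of `ls -ld`.
perm_string() {
    ls -ld -- "$1" 2>/dev/null | cut -c2-10
}

# Return 0 if group or other hold any access bit on the path,
# 1 if they hold none, 2 if the path cannot be inspected.
group_other_access() {
    p=$(perm_string "$1")
    [ -n "$p" ] || return 2
    case "$p" in
        ???------) return 1 ;;   # owner bits only
        *)         return 0 ;;
    esac
}

# Accept a password file only under the 0600 rule: a regular file
# (not a symlink), owned by the caller, mode exactly rw-------.
cred_file_ok() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    [ -O "$1" ] || return 1
    [ "$(perm_string "$1")" = "rw-------" ]
}

# Classify the environment file of a PID (default: this shell) as
# "owner-only", "exposed", or "unknown" when there is no /proc entry.
environ_exposure() {
    f="/proc/${1:-$$}/environ"
    [ -e "$f" ] || { echo "unknown"; return 0; }
    if group_other_access "$f"; then
        echo "exposed"
    else
        echo "owner-only"
    fi
}

echo "environment of PID $$: $(environ_exposure)"
```

An "owner-only" result covers only the /proc path; it says nothing about platforms where `ps` itself shows other users' environments, as reported for Solaris and AIX in the thread.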
