by theamk
2594 days ago
Interesting, this sounds very much like SUID binaries in Unixes. People want them, but there are so many things to worry about -- LD_PRELOAD, PATH, untrusted input, file open races. I am surprised that Postgres is still vulnerable to those things. I'd think it is natural that those scripts should ignore "search path", just like Perl requires user-specified PATH in the taint mode, or how Linux SUID binaries ignore the LD_PRELOAD variable.