"David Litchfield" <[EMAIL PROTECTED]> writes:
> _init() is the equivalent of DllMain on Linux/etc; in fact the other
> database server I was looking at is vulnerable to this exact problem. If
> postgresql accepts CLOB/BLOB input from a client to a table and then can
> dump to disk you might be
Tom Lane wrote:
> John Heasman <[EMAIL PROTECTED]> writes:
> > It appears that low privileged users can invoke the LOAD extension
> > to load arbitrary libraries into the postgres process space.
>
> Hmm. Creating C functions is restricted to superusers, but I guess
> no one ever noticed that LOAD
John Heasman <[EMAIL PROTECTED]> writes:
> It appears that low privileged users can invoke the LOAD extension to load
> arbitrary libraries into the postgres process space.
Hmm. Creating C functions is restricted to superusers, but I guess no
one ever noticed that LOAD isn't. On a platform wher
John,
_init() is the equivalent of DllMain on Linux/etc; in fact the other
database server I was looking at is vulnerable to this exact problem. If
postgresql accepts CLOB/BLOB input from a client to a table and then can
dump to disk you might be able to achieve it that way - which is how I did
