What can malicious postgres db user do to a linux server?



  • Suppose I created a db user with

    create role myuser login password 'xyz';
    

    and allowed typical read and write db permissions.

    If a malicious user finds these login credentials (and has access to db), what is the worst he can do to the Ubuntu server where the db lives? (e.g. can he get access to the OS shell? can he install something? can he remove non-db files? ...)



  • I'm going to answer this question a different way. When we're talking about database servers, the data within said databases is typically far more valuable than anything sitting on the file system. Database servers can be brought back online, databases can be restored from backups, etc...

    Not to diminish the fact that a user with OS access can wreak havoc and take a database offline. I'd be far more concerned about what a malicious user would do to a database with write permission. They can manipulate data, delete data, insert bad data, etc.

    If a user is truly wanting to be malicious, this is all the access they would need to be destructive. Depending on how aggressive they are, data changes could go undetected for weeks or months, making the chance of recovery challenging.

    So in this case, what are you trying to protect against?

    1. Preventing trusted database users from making accidental changes at the OS level?
    2. Making sure the scope of a malicious user is limited?
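
An audit for the second point above (limiting the scope of a compromised role), added here as an example and not part of the original posts. It assumes the role name `myuser` from the question, PostgreSQL 11 or later (for the predefined `pg_*` roles), and a session run by a superuser in the database being reviewed.

```sql
-- Added example: review how far the role from the question can reach.
-- Assumptions: role name 'myuser' (from the question), PostgreSQL 11+.

-- 1. Role attributes. A plain CREATE ROLE ... LOGIN leaves all of these
--    false; rolsuper = true would remove every restriction checked below.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb,
       rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname = 'myuser';

-- 2. Membership (direct or inherited) in the predefined roles that allow
--    server-side file access or program execution. Expect false for an
--    ordinary application role.
SELECT r.rolname AS predefined_role,
       pg_has_role('myuser', r.oid, 'MEMBER') AS is_member
FROM pg_roles AS r
WHERE r.rolname IN ('pg_read_server_files',
                    'pg_write_server_files',
                    'pg_execute_server_program')
ORDER BY r.rolname;

-- 3. Tables the role can modify: this is the data-tampering exposure the
--    answer describes. has_table_privilege() reports effective rights,
--    including those inherited from other roles or granted to PUBLIC.
SELECT n.nspname AS schema_name,
       c.relname AS table_name,
       has_table_privilege('myuser', c.oid, 'INSERT')   AS can_insert,
       has_table_privilege('myuser', c.oid, 'UPDATE')   AS can_update,
       has_table_privilege('myuser', c.oid, 'DELETE')   AS can_delete,
       has_table_privilege('myuser', c.oid, 'TRUNCATE') AS can_truncate
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')            -- ordinary and partitioned tables
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_table_privilege('myuser', c.oid,
                          'INSERT,UPDATE,DELETE,TRUNCATE')
ORDER BY n.nspname, c.relname;
```

Any `true` in the first two result sets means the role's reach extends beyond table data; the third lists the tables where write access should be reviewed against what the application actually needs.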


