> Now we have to wait for an administrator to “su – postgres”. Likely? Eh.
This isn't that unlikely. On Debian/Ubuntu, postgres is the database super user and doesn't have a password set by default so the way to administer PostgreSQL is to su to postgres and then run psql/createdb/etc (it relies on local ident authentication).
ehm. anti-virus? there's a whole discussion about it, i won't go into here.
but what can an anti-virus do? best would be to patch the database (might be pretty hard). then it could write something like:
echo "you have been hacked!"; exit 0
into the .profile. that will let the user spot the cracking attempt.
7 comments
[ 3.3 ms ] story [ 28.1 ms ] thread> Now we have to wait for an administrator to “su – postgres”. Likely? Eh.
This isn't that unlikely. On Debian/Ubuntu, postgres is the database super user and doesn't have a password set by default so the way to administer PostgreSQL is to su to postgres and then run psql/createdb/etc (it relies on local ident authentication).
Would be neat if there were an exploit which injected something to make further injection impossible.
but what can an anti-virus do? best would be to patch the database (might be pretty hard). then it could write something like: echo "you have been hacked!"; exit 0 into the .profile. that will let the user spot the cracking attempt.