Nice article. > Now we have to wait for an administrator to “su – postgres”.... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		agwa on April 10, 2013 \| parent \| context \| favorite \| on: Dissecting PostgreSQL CVE-2013-1899 Nice article. > Now we have to wait for an administrator to “su – postgres”. Likely? Eh. This isn't that unlikely. On Debian/Ubuntu, postgres is the database super user and doesn't have a password set by default so the way to administer PostgreSQL is to su to postgres and then run psql/createdb/etc (it relies on local ident authentication).

hartror on April 11, 2013 | [–]

Exactly, I have done this today!

ukandy on April 11, 2013 | [–]

Yes, it's not unlikely at all. It's a timebomb just waiting to explode.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact