On 14 Jun 2013, at 11:18am, Toby Dickenson <t...@tarind.com> wrote:

> Suppose I have two processes which communicate via a shared database.
> One process is internet-facing, and therefore carries a risk of being
> compromised. The second process is running under a different uid, and
> has access to other files which should be kept private. The database
> is a trust boundary.
>
> To what extent is this IPC mechanism a risk of privilege escalation,
> whereby any malicious code injected into the first process might be
> able to use the shared database to attack the second process.
> Obviously there is a need for both applications to handle the data
> retrieved from that database in a secure manner, but are there other
> risks/considerations from the sqlite library itself?

The SQLite library does not store low-level executable code in any database file, nor does it execute any code found in a database file. Putting executable code in a SQLite database (presumably as a BLOB) does nothing unless you have specially written your program to retrieve a BLOB, put it into memory and execute it. Don’t do that. Unless you have a good reason to.

The SQLite library can store certain types of 'code' in a database at the SQL level. If someone manages to compromise your web-facing interface they might be able to, for example, create a TRIGGER in your database that caused the execution of one SQL command to execute other SQL commands. A nasty TRIGGER might be, for example, one which noticed a new row in the member table with the name 'Bobby Tables' and responded by deleting all rows in the member table. This would affect all applications which used that database even if the new member was added by a different application from the one which inserted the TRIGGER.

Worth noting here that all this TRIGGER did was delete data (or otherwise mess up your database file). It didn’t inject executable code into your application. It might make your application run parts of itself unexpectedly (for example, your application might react to a particular SQLite error code by running certain lines of code) but it couldn’t do much more than that.

Simon.
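
The trigger scenario from the reply above, as an added example that is not part of the original message: two connections to one database file stand in for the two processes, and the second one audits `sqlite_master` against an allowlist before it writes. The file name `shared.db`, the trigger name `wipe` and the `EXPECTED` allowlist are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed allowlist: the only schema objects the privileged process expects.
EXPECTED = {("table", "member")}

def unexpected_objects(conn):
    """Return schema objects (triggers, views, extra tables) not in EXPECTED."""
    rows = conn.execute(
        "SELECT type, name FROM sqlite_master WHERE name NOT LIKE 'sqlite_%'"
    ).fetchall()
    return sorted(set(rows) - EXPECTED)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "shared.db")

    # Connection standing in for the internet-facing process.
    web = sqlite3.connect(path)
    web.execute("CREATE TABLE member (name TEXT)")
    web.executemany("INSERT INTO member VALUES (?)", [("alice",), ("carol",)])
    # The trigger described in the reply, stored in the shared file.
    web.execute(
        "CREATE TRIGGER wipe AFTER INSERT ON member "
        "WHEN NEW.name = 'Bobby Tables' BEGIN DELETE FROM member; END"
    )
    web.commit()
    web.close()

    # Separate connection standing in for the second, privileged process.
    priv = sqlite3.connect(path)
    found = unexpected_objects(priv)  # audit the schema before using it
    before = priv.execute("SELECT COUNT(*) FROM member").fetchone()[0]
    # An ordinary parameterised insert still fires the stored trigger.
    priv.execute("INSERT INTO member VALUES (?)", ("Bobby Tables",))
    priv.commit()
    after = priv.execute("SELECT COUNT(*) FROM member").fetchone()[0]
    priv.close()
    return found, before, after

if __name__ == "__main__":
    found, before, after = demo()
    print("unexpected schema objects:", found)
    print("member rows before/after insert:", before, after)
```

In a real deployment the privileged process would refuse to continue when `unexpected_objects` returns anything, rather than proceeding as this demonstration does.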