Rusty pearls: Postgres RCE on cloud databases

Unknown

BSides Las Vegas 2025 · Day 1

**Tal** (as introduced) and **Kobe Abrams** of **Veronus** (as transcribed) present a privilege-escalation-style attack chain against **PostgreSQL** that starts from a surprising property of **trusted PL/Perl**: the ability to manipulate **environment variables** in ways the speakers argue should be confined to **untrusted** procedural languages. They chain that primitive through **PL/Rust** compilation mechanics—specifically how **`cargo`** invokes **`rustc`**—to achieve **code execution** in the database session context. The talk is explicit that the work began from a motivation to understand post-**SQL injection** impact on **Amazon RDS**, where the provided admin account is **not a superuser**. A secondary thread is **responsible disclosure** and **cloud-provider collaboration**: they briefly ran the chain on **AWS RDS**, found that environment **constrained**, and triggered a rapid **AWS** response.
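The chain above only matters if a non-superuser can actually call the trusted languages involved, so the first thing an operator should check is which procedural languages are installed and who holds USAGE on them. The audit query below is an added example, not material from the talk; it reads the `pg_language` and `pg_extension` catalogs and treats a NULL `lanacl` the way PostgreSQL does (trusted languages default to USAGE for PUBLIC). The role name in the remediation lines is hypothetical.

```sql
-- Added example (not from the talk): list installed procedural languages,
-- their trust flag, owner, extension version, and whether PUBLIC can use them.
SELECT l.lanname,
       l.lanpltrusted                 AS trusted,
       pg_get_userbyid(l.lanowner)    AS owner,
       e.extversion                   AS ext_version,
       CASE
         -- NULL ACL means built-in defaults: trusted languages are usable by PUBLIC
         WHEN l.lanacl IS NULL THEN l.lanpltrusted
         -- explicit ACL: grantee 0 is the PUBLIC pseudo-role
         ELSE EXISTS (SELECT 1
                      FROM aclexplode(l.lanacl) a
                      WHERE a.grantee = 0 AND a.privilege_type = 'USAGE')
       END                            AS usable_by_public
FROM pg_language l
LEFT JOIN pg_extension e ON e.extname = l.lanname
WHERE l.lanname NOT IN ('internal', 'c', 'sql')
ORDER BY l.lanname;

-- Functions already defined in plperl or plrust, with their owners, so that
-- existing code paths into these languages are visible too.
SELECT n.nspname, p.proname, l.lanname, pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_language l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanname IN ('plperl', 'plrust')
ORDER BY 1, 2;

-- Remediation pattern: withdraw the default PUBLIC grant and allow only a
-- named role (hypothetical role name) to create functions in that language.
REVOKE USAGE ON LANGUAGE plperl FROM PUBLIC;
GRANT  USAGE ON LANGUAGE plperl TO plperl_authors;
```

On a managed service such as RDS the REVOKE may require the provider's admin role rather than a true superuser, and the first query tells you whether `plrust` is even installed before you worry about its compilation path.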

AI review

This is real vulnerability research with a clean narrative: break a trust boundary in PL/Perl, weaponize a modern toolchain’s env surface via PL/Rust, then sanity-check the cloud story with honest negative results. It is exactly the kind of work Postgres operators need to understand.
