"Magnus Hagander" <mha(at)sollentuna(dot)net> writes:
> For those that haven't already seen it, this might give some extra
> exposure to PostgreSQL wrt vulnerability research. Though I think nobody
> will have a chance to find one (I just don't see how you could possibly
> get root through postgresql, since we refuse to run as root), other
> things might be exposed by someone who's poking around.
Yeah, I think they've really done the database community a disservice by
defining interesting exploits as being only those resulting in root.
An exploit that lets you get database superuser privs would be the
appropriate criterion here, IMHO.
regards, tom lane