On Fri, 19 Aug 2005, Bernard wrote:
> But we can take this one step further so that we don't even need to
> trust ourselves:
> The logical next step is that for a non-postgresql-superuser user,
> COPY FROM files have to be world-readable and COPY TO files and
> directories have to be world-writable. The server checks the file
> attributes and grants copy permission depending on them. Obviously any
> Postrgres system files must not be world-readable and world-writable.
> Problem solved. One doesn't need to be a genius to figure this out.
No, it's not solved. It prevents that problem for the configuration
files, but still gives access to other world readable files on the system
for example /etc/passwd on many systems (yes it's not terribly interesting
in general, but still is often not acceptable to retrieve).
You'd probably want to add the ability to setup which directories that are
allowed to be read or written to as configuration separately from unix
No, it doesn't take a genius, but it's not as trivial as you seem to think
it is, either. And honestly, until there's a workable plan that addresses
these issues, opening it up seems foolish.
In response to
pgsql-bugs by date
|Next:||From: Jrg Haustein||Date: 2005-08-19 15:08:38|
|Subject: BUG #1837: varchar/text operator "=" not unicode safe?|
|Previous:||From: Tom Lane||Date: 2005-08-19 14:38:32|
|Subject: Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a |
pgsql-general by date
|Next:||From: Stephan Szabo||Date: 2005-08-19 15:12:08|
|Subject: Re: [GENERAL] Cascades Failing |
|Previous:||From: Nigel Horne||Date: 2005-08-19 14:58:20|