| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Insufficient attention to security in contrib (mostly) |
| Date: | 2007-08-28 15:01:56 |
| Message-ID: | 200708280801.56340.josh@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom,
> ... in particular, that restriction seems pretty content-free for most
> practical layouts. And it's got interesting security behaviors:
> DBA A, by more-or-less innocently allowing some tables in his database B
> to be created in tablespace C, might be allowing his unrelated user D to
> find out info about some other database E that shares use of C. I'd
> like there to have to be some direct, intended connection of D to E
> before D can measure E's size ...
Well, that puts us back in the position of requiring a "read" or "metadata"
permission for tablespaces, or requiring superuser access. The latter is
unpalatable because there are existing tools in the field which work without
superuser access; the former is troublesome because it wouldn't be used for
anything other than the dbsize function, at least not right now.
--
Josh Berkus
PostgreSQL @ Sun
San Francisco
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-08-28 15:25:01 | Re: Insufficient attention to security in contrib (mostly) |
| Previous Message | Andrew Dunstan | 2007-08-28 15:00:31 | Re: Testing the other tsearch dictionaries |