Skip site navigation (1) Skip section navigation (2)

Re: Updated instrumentation patch

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Magnus Hagander" <mha(at)sollentuna(dot)net>
Cc: "PostgreSQL-patches" <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Updated instrumentation patch
Date: 2005-07-30 15:07:44
Message-ID: 26887.1122736064@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-patches
"Magnus Hagander" <mha(at)sollentuna(dot)net> writes:
> Per recent discussion, here is yet another updated version of the
> instrumentation patch. Changes:

> * Added guc option "disable_remote_admin", that disables any write
> operations (write, unlink, rename) even for the superuser. Set as
> PGC_POSTMASTER so it cannot be changed remotely.

I was envisioning it as disabling all filesystem access --- read as well
as write.  Essentially the abstract concept I want is that with this on,
even a superuser cannot use Postgres to get at the underlying operating
system.  A name like "enable_filesystem_access" would probably be more
appropriate.

Also, as I already said, marking it as PGC_POSTMASTER is simply not
adequate security.  Once we have some sort of remote admin feature,
I would expect it to support adjustment of even postmaster-level options
(this would mean forcing a database restart of course) --- you can
hardly say that you have a complete remote admin solution if you can't
change shared_buffers or max_connections.

			regards, tom lane

In response to

Responses

pgsql-patches by date

Next:From: Bruce MomjianDate: 2005-07-30 15:14:03
Subject: Re: Updated instrumentation patch
Previous:From: Bruce MomjianDate: 2005-07-30 14:57:15
Subject: Re: [HACKERS] Autovacuum loose ends

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group