Quick Links

Re: logfile subprocess and Fancy File Functions

From:	Andrew Dunstan <andrew(at)dunslane(dot)net>
To:	Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject:	Re: logfile subprocess and Fancy File Functions
Date:	2004-07-24 16:52:29
Message-ID:	410293CD.5040802@dunslane.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-patches

Bruce Momjian wrote:

>As a super-user, could an attacker load a server-side language and
>access the backend environment variable PGDATA.
>
>

plperl won't do it, but plperlu will (as expected I guess). But the
superuser will have to jump through some explicit hoops in order to get
there, which is different from providing such facilities out of the box.

cheers

andrew

In response to

Re: logfile subprocess and Fancy File Functions at 2004-07-24 16:12:52 from Bruce Momjian

Responses

Re: logfile subprocess and Fancy File Functions at 2004-07-24 16:55:14 from Bruce Momjian

Browse pgsql-patches by date

	From	Date	Subject
Next Message	Bruce Momjian	2004-07-24 16:55:14	Re: logfile subprocess and Fancy File Functions
Previous Message	Tom Lane	2004-07-24 16:42:45	Re: logfile subprocess and Fancy File Functions