| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Aidan Van Dyk <aidan(at)highrise(dot)ca> |
| Cc: | Jeremy Drake <pgsql(at)jdrake(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Greg Sabino Mullane <greg(at)turnstep(dot)com> |
| Subject: | Re: modules |
| Date: | 2008-04-04 14:17:30 |
| Message-ID: | 47F6387A.3060004@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Aidan Van Dyk wrote:
>
> This was simply about changing the user permissions needed to run CREATE
> FUNCTION ... LANGUAGE "C" so that distros/packages could have whatever
> module they want packaged (in system RPM/DEB/PKG context) and available
> on the system in a way that databases owners could install them into
> their PostgreSQL database (using the current psql < earthdistance.sql
> methods) without getting ISP/superuser assistance.
>
>
>
That's not going to happen, at least not like that - the security
implications are just horrible. We have recently relaxed the rules
relating to installation of trusted languages by database owners. But to
extend that to modules in general we'd need some way of designating
modules as safe or not.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bhat, Suma | 2008-04-04 14:21:12 | Question about pg_catalog.pg_trigger. |
| Previous Message | Tino Wildenhain | 2008-04-04 14:05:45 | Re: Secure "where in(a,b,c)" clause. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Aidan Van Dyk | 2008-04-04 15:03:01 | Re: modules |
| Previous Message | Aidan Van Dyk | 2008-04-04 13:49:40 | Re: modules |