Skip site navigation (1) Skip section navigation (2)

Re: For review: Server instrumentation patch

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>,"Andreas Pflug" <pgadmin(at)pse-consulting(dot)de>
Cc: "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>,"Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>,"PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: For review: Server instrumentation patch
Date: 2005-07-24 19:10:10
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCE094609@algol.sollentuna.se (view raw or flat)
Thread:
Lists: pgsql-hackers
> > Because I wanted the standard platform behaviour of both. 
> For backend 
> > storage subsystem purposes, it's certainly necessary to emulate *ix 
> > behaviour of deleting a file in use, but for generic file 
> access IMHO 
> > the generic behaviour should be exposed.
> 
> I'm going to repeat my firm opposition to this patch.  Under 
> the innocuous-sounding banner of "server instrumentation", 
> you are once again trying to put in generic file access 
> capabilities that will allow remote Postgres superusers full 
> access to the server filesystem.
>
> The potential security risks of this are obvious to anyone.  
> The only justification that has been offered is "this will 
> make remote administration easier".  Well, yeah, but it will 
> make remote breakins easier too.  Valuing ease of use over 
> security is the philosophy that got Microsoft into the mess 
> they're in now --- do we want to follow that precedent?

How is this different from the fact that the superuser can already use
COPY to accomplish the same thing? Sure, you have to go through a
temporary table but if you're superuser that is not exactly a problem.
You can read/write any file the service account has permissions on.


//Magnus

Responses

pgsql-hackers by date

Next:From: Simon RiggsDate: 2005-07-24 19:55:09
Subject: Re: A Guide to Constraint Exclusion (Partitioning)
Previous:From: Greg StarkDate: 2005-07-24 19:00:23
Subject: Re: A Guide to Constraint Exclusion (Partitioning)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group