Skip site navigation (1) Skip section navigation (2)

Re: Updated instrumentation patch

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>,"PostgreSQL-patches" <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Updated instrumentation patch
Date: 2005-07-30 15:29:09
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCE094634@algol.sollentuna.se (view raw or flat)
Thread:
Lists: pgsql-patches
> > > Also, as I already said, marking it as PGC_POSTMASTER is 
> simply not 
> > > adequate security.  Once we have some sort of remote 
> admin feature, 
> > > I would expect it to support adjustment of even postmaster-level 
> > > options (this would mean forcing a database restart of 
> course) --- 
> > > you can hardly say that you have a complete remote admin 
> solution if 
> > > you can't change shared_buffers or max_connections.
> > 
> > The point is you cannot *enable* it once it is *disabled*. Thus you 
> > cannot *elevate* your privileges. Thus not a security issue.
> 
> I think any secure solution is going to have to block all 
> write access to postgresql.conf, and that includes all the 
> COPY TO and all the untrusted languages.

Exactly. But we won't get that for 8.1. So for now, we block all write
access through *new* functions, per the "let's at least not add more
security holes" rule.

//Magnus

Responses

pgsql-patches by date

Next:From: Bruce MomjianDate: 2005-07-30 15:38:54
Subject: Re: Updated instrumentation patch
Previous:From: Bruce MomjianDate: 2005-07-30 15:21:22
Subject: Re: Updated instrumentation patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group