> > > I think any secure solution is going to have to block all write
> > > access to postgresql.conf, and that includes all the COPY
> TO and all
> > > the untrusted languages.
> > Exactly. But we won't get that for 8.1. So for now, we
> block all write
> > access through *new* functions, per the "let's at least not
> add more
> > security holes" rule.
> As far as I know, the only new functionality the patch adds
> _over_ copy is the ability to write nulls, and rename/unlink.
> Should we just throw an error when writing null bytes?
Um. Yes. This patch goes one step further and allows you to block the
writing of *any* file using these functions. The question is wether that
one step further is far enough..
pgsql-patches by date
|Next:||From: Bruce Momjian||Date: 2005-07-30 15:58:06|
|Subject: Re: Updated instrumentation patch|
|Previous:||From: Bruce Momjian||Date: 2005-07-30 15:46:37|
|Subject: Re: Patch to mention cost-based delay in vacuum reference|