| From: | Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> |
|---|---|
| To: | "'Peter Eisentraut'" <peter_e(at)gmx(dot)net> |
| Cc: | "Ross J(dot) Reedstrom" <reedstrm(at)rice(dot)edu>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | AW: AW: AW: "setuid" functions, a solution to the RI pr ivil ege problem |
| Date: | 2000-09-19 07:50:55 |
| Message-ID: | 11C1E6749A55D411A9670001FA687963368084@sdexcsrv1.f000.d0188.sd.spardat.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > Since you can write extensions to PostgreSQL that reach far into the OS,
> > it does make sense to execute those extensions under a "non priviledged"
> > user, and not postgres.
>
> Agreed.
>
> > This OS user would somehow be tied to the username that the client
> > passes as his credentials (and that we trust to be authenticated).
>
> Not agreed. It's a feature, not an accident, that client user names,
> server OS user names, and database user names are independent. The mapping
> of database user names to server OS user names needs to have a separate
> mapping
Yes, a mapping is useful (as I said).
> and authentication system, which could probably be similar to the
> existing client authentication, but still separate.
I do not think that a separate authentication is necessary, it might be a
feature,
but imho the standard would be a trusted mapping from db to OS user.
Remember that execution rights are granted to db users for functions.
If a user does not have a desirable mapping you don't grant him any rights.
A special flag "suid" for functions would imply that the function always
runs under
the same OS user of the function owner, regardless of client credentials.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Karel Zak | 2000-09-19 08:11:56 | Re: [HACKERS] char* to Datum conversion |
| Previous Message | Alex Guryanow | 2000-09-19 07:30:32 | char* to Datum conversion |