| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Joshua Brindle <method(at)manicmethod(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: 8.4 release planning |
| Date: | 2009-01-27 17:12:22 |
| Message-ID: | 1233076342.2327.2244.camel@ebony.2ndQuadrant |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, 2009-01-26 at 22:55 -0500, Tom Lane wrote:
> Even accepting such a restriction, there's too much code in
> core Postgres to let anyone feel very good about keeping the core free
> of security leaks
I see what you're saying, but we're trying to pass certification, not
provide security in all cases.
The security policy & its implementation is part of the wall, so its
straightforward to say "don't do those things". Since both backups and
plugins are not typically managed by unprivileged users, that seems
reasonable. (And anyway, they should be using PITR :-).
I'd rather see it go in now. It needs to be audited, and it might fail.
If we put it in 8.5 and it still fails, we'll be in 8.6, which is far,
far away and we shouldn't expect NEC to fund such a long range mission.
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2009-01-27 17:18:46 | Re: 8.4 release planning |
| Previous Message | Gregory Stark | 2009-01-27 17:10:40 | Re: 8.4 release planning |