| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: db_user_namespace a "temporary measure" |
| Date: | 2014-03-12 15:10:38 |
| Message-ID: | 12607.1394637038@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Wed, Mar 12, 2014 at 3:52 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> A local user with the superuser privilege would not be able to log into
>> another database, because superuser doesn't give you any extra privilege
>> until you've logged in.
>>
>> Yeah, as superuser you could still break things as much as you pleased,
>> but not through SQL.
> You could COPY over the hba file or sometihng like that :) Or just
> pg_read_binary_file() on the files in another database, which is accessible
> through SQL as well.
More directly, he could alter pg_authid to make himself a not-local user.
But I don't see that it's our responsibility to prevent that. As long as
the combination of features works in a straightforward way, I'm happy
with it --- and it would, AFAICS.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2014-03-12 15:20:36 | Re: db_user_namespace a "temporary measure" |
| Previous Message | Stephen Frost | 2014-03-12 15:06:49 | Re: db_user_namespace a "temporary measure" |