| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Markus Wanner <markus(at)bluegap(dot)ch> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Proposal: template-ify (binary) extensions |
| Date: | 2013-07-15 10:27:40 |
| Message-ID: | 20130715102740.GA12343@alap2.anarazel.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2013-07-15 12:20:15 +0200, Markus Wanner wrote:
> On 07/15/2013 12:05 PM, Andres Freund wrote:
> > A superuser can execute native code as postges user. That's it.
>
> Oh, I though Robert meant postgres users, i.e. non-superusers.
Oh, I am talking about *postgres* superusers ;). The example provided
upthread doesn't require 'root' permissions but only database level
superuser permissions.
> I hereby withdraw my pitchforks: I'm certainly not opposing to simplify
> the life of superusers, who already have the power.
I think what dimitri has in mind could easily be delegating the
"dangerous" work to a suid binary which does policy checking and the
real install...
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Markus Wanner | 2013-07-15 10:37:40 | Re: Proposal: template-ify (binary) extensions |
| Previous Message | Markus Wanner | 2013-07-15 10:20:15 | Re: Proposal: template-ify (binary) extensions |