| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Cc: | Hannu Krosing <hannuk(at)google(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Pang <robertpang(at)google(dot)com> |
| Subject: | Re: Hardening PostgreSQL via (optional) ban on local file system access |
| Date: | 2022-06-29 07:05:34 |
| Message-ID: | 20220629070534.pszwogdz2ooczwvu@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 2022-06-29 08:51:10 +0200, Laurenz Albe wrote:
> On Tue, 2022-06-28 at 16:27 -0700, Andres Freund wrote:
> > > Experience shows that 99% of the time one can run PostgreSQL just fine
> > > without a superuser
> >
> > IME that's not at all true. It might not be needed interactively, but that's
> > not all the same as not being needed at all.
>
> I also disagree with that. Not having a superuser is one of the pain
> points with using a hosted database: no untrusted procedural languages,
> no untrusted extensions (unless someone hacked up PostgreSQL or provided
> a workaround akin to a SECURITY DEFINER function), etc.
I'm not sure what exactly you're disagreeing with? I'm not saying that
superuser isn't needed interactively in general, just that there are
reasonably common scenarios in which that's the case.
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2022-06-29 07:45:59 | Re: Hardening PostgreSQL via (optional) ban on local file system access |
| Previous Message | Laurenz Albe | 2022-06-29 06:57:24 | Re: Can we do something to help stop users mistakenly using force_parallel_mode? |