| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Martín Marqués <martin(dot)marques(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2024-01-31 04:25:28 |
| Message-ID: | 2391022.1706675128@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Tue, Jan 30, 2024 at 10:48 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I was imagining using selinux and/or sepgsql to directly prevent
>> writing postgresql.auto.conf from the Postgres account.
> Wouldn't a simple "chattr +i postgresql.auto.conf" work?
Hmm, I'm not too familiar with that file attribute, but it looks
like it'd work (on platforms that support it).
My larger point here is that trying to enforce restrictions on
superusers *within* Postgres is simply not a good plan, for
largely the same reasons that Robert questioned making the
GUC mechanism police itself. It needs to be done outside,
either at the filesystem level or via some other kernel-level
security system.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2024-01-31 04:25:48 | Re: Apply the "LIMIT 1" optimization to partial DISTINCT |
| Previous Message | Alexander Lakhin | 2024-01-31 04:00:00 | Re: Fix some ubsan/asan related issues |