| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Stephen Frost" <sfrost(at)snowman(dot)net> |
| Cc: | "Andrew Dunstan" <andrew(at)dunslane(dot)net>, "Andreas Pflug" <pgadmin(at)pse-consulting(dot)de>, "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>, "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>, "PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: For review: Server instrumentation patch |
| Date: | 2005-07-26 20:17:17 |
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE09461E@algol.sollentuna.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > If you want to secure your system against a superuser()-level
> > intrusion then you need to secure the unix account, or disable
> > creation of C-language and other untrusted languages (at least).
>
> Very likely --- which is why Magnus' idea of an explicit
> switch to prevent superuser filesystem access seems
> attractive to me. It'd have to turn off LOAD and creation of
> new C functions as well as COPY and the other stuff we discussed.
So would a patch to do this be accepted for 8.1 even though we are past
feature freeze?
And if yes, would you like me to give I a shot or would you rather do it
yourself? (As I'm sure it'd need tweaking)
And finally, with something like that in place, would you be fine with
the file editing functions as they stand (limiting them to the pg
directories, as I believe it does)?
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Travers | 2005-07-26 20:20:58 | Re: [HACKERS] Enticing interns to PostgreSQL |
| Previous Message | Palle Girgensohn | 2005-07-26 20:17:05 | Re: More buildfarm stuff |