| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "PostgreSQL-patches" <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: Updated instrumentation patch |
| Date: | 2005-07-30 15:53:08 |
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE094635@algol.sollentuna.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
> > > I think any secure solution is going to have to block all write
> > > access to postgresql.conf, and that includes all the COPY
> TO and all
> > > the untrusted languages.
> >
> > Exactly. But we won't get that for 8.1. So for now, we
> block all write
> > access through *new* functions, per the "let's at least not
> add more
> > security holes" rule.
>
> As far as I know, the only new functionality the patch adds
> _over_ copy is the ability to write nulls, and rename/unlink.
> Should we just throw an error when writing null bytes?
Um. Yes. This patch goes one step further and allows you to block the
writing of *any* file using these functions. The question is wether that
one step further is far enough..
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2005-07-30 15:58:06 | Re: Updated instrumentation patch |
| Previous Message | Bruce Momjian | 2005-07-30 15:46:37 | Re: Patch to mention cost-based delay in vacuum reference |