Re: About "ERROR: must be *superuser* to COPY to or from a file"

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Scott Marlowe <smarlowe(at)g2switchworks(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Stark <gsstark(at)mit(dot)edu>, "John D(dot) Burger" <john(at)mitre(dot)org>, Postgresql-General <pgsql-general(at)postgresql(dot)org>
Subject: Re: About "ERROR: must be *superuser* to COPY to or from a file"
Date: 2005-08-31 03:20:49
Message-ID: 87br3e3i7i.fsf@stark.xeocode.com
Lists: pgsql-general

Scott Marlowe <smarlowe(at)g2switchworks(dot)com> writes:

> Plus, how is the server supposed to KNOW that you have access to the
> file? psql may know who you are, but the server only knows who you are
> in the "postgresql" sense, not the OS sense.

My original suggestion was that clients connected via unix domain sockets
should be allowed to read any file owned by the same uid as the connecting
client. (Which can be verified using getpeereid/SO_PEERCRED/SCM_CREDS.)

Alternatively and actually even better and more secure would be passing the fd
directly from the client to the server over the socket. That avoids any
question of the server bypassing any security restrictions. The client is
responsible for opening the file under its privileges and handing the
resulting fd to the server over the socket.

None of this helps for remote clients of course but remote clients can just
ftp the file to the server anyways and some manual intervention is necessarily
needed by the DBA to create a security policy for them.

--
greg
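The "pass the fd over the socket" approach described above, as an added example that is not part of this thread or of PostgreSQL's code: it assumes a Unix-domain socket with SCM_RIGHTS support (Linux/BSD), uses a socketpair in place of the real client/server connection, and reads a constructed temporary file, so the only thing the "server" side ever receives is a descriptor the "client" opened under its own privileges (the getpeereid/SO_PEERCRED uid check from the first suggestion is not shown).

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
/* Hand an open descriptor to the peer over a unix-domain socket (SCM_RIGHTS). The kernel
   duplicates the fd into the receiver, so the server never resolves a path itself. */
int send_fd(int sock, int fd) {
    char byte = 'F', cbuf[CMSG_SPACE(sizeof(int))];   /* one data byte carries the ancillary fd */
    struct iovec iov = { &byte, 1 };
    struct msghdr msg; memset(&msg, 0, sizeof msg); memset(cbuf, 0, sizeof cbuf);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent with send_fd; returns the new fd or -1 if none arrived. */
int recv_fd(int sock) {
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg; memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) return -1;
    int fd; memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Round trip over a socketpair: the "client" end opens a constructed temp file under its own
   privileges and passes the fd; the "server" end reads through the received descriptor.
   Returns the number of bytes read into out, or -1 on failure. */
int fd_passing_roundtrip(char *out, size_t outlen) {
    char path[] = "/tmp/fdpassXXXXXX";
    int sv[2], tmp = mkstemp(path);
    if (tmp < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    unlink(path);                                    /* only the open fd keeps the file alive */
    if (write(tmp, "copy-data", 9) != 9 || lseek(tmp, 0, SEEK_SET) != 0) return -1;
    if (send_fd(sv[0], tmp) < 0) return -1;          /* client hands over its fd */
    close(tmp);                                      /* client's copy is no longer needed */
    int got = recv_fd(sv[1]);                        /* server gets its own fd for the file */
    ssize_t n = got < 0 ? -1 : read(got, out, outlen - 1);
    if (n >= 0) out[n] = '\0';
    close(got); close(sv[0]); close(sv[1]);
    return (int)n;
}
```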
