Re: Directory/File Access Permissions for COPY and Generic File Access Functions

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andres Freund <andres(at)2ndquadrant(dot)com>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Date: 2014-10-29 20:41:56
Message-ID: CA+TgmoZFBJvgUAn43Ci684ED8m3LsKbUE_VAEOLjA5JKd6yA2g@mail.gmail.com
Lists: pgsql-hackers

On Wed, Oct 29, 2014 at 3:31 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> I still don't particularly like it and, frankly, the limitations we've
> come up with thus far are not issues for my use-cases and I'd rather
> have them and be able to say "yes, you can use this with some confidence
> that it won't trivially bypass the DB security or provide a way to crash
> the DB".

I think it *will* trivially bypass the DB security. If trivial means
"it can be done by anyone with no work at all", then, OK, it's not
trivial. If it means "it can be done by a reasonably skilled engineer
without too much trouble", then it's trivial. To call it a security
feature, I think the bar needs to be higher than that.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
