| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: allowing privileges on untrusted languages |
| Date: | 2013-01-19 13:54:26 |
| Message-ID: | CA+U5nM+BEO9J=i_J7xgeoD7P-8Ea6PyV80XMTH02jFE6FWvZfw@mail.gmail.com |
| Lists: | pgsql-hackers |

On 19 January 2013 13:45, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
> I think it is time to investigate separation of database superuser privileges
> into several fine-grained capabilities, as operating systems do.
> https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h
>
> In the case of Linux, the latest kernel has 36 kinds of capabilities that reflect
> a part of root privileges, such as the privilege to open a listen port less than 1024,
> the privilege to override DAC permission and so on. Traditional root performs
> as a user who has all the capabilities by default.

Sounds like the best way to go. The reasoning that led to that change
works for us as well.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services