From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Hannu Krosing <hannuk(at)google(dot)com> |
Cc: | Gurjeet Singh <gurjeet(at)singh(dot)im>, Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Pang <robertpang(at)google(dot)com> |
Subject: | Re: Hardening PostgreSQL via (optional) ban on local file system access |
Date: | 2022-06-25 15:43:30 |
Message-ID: | CABUevEzFQe0DU3FTS3yOqULuNSwLcHPy8ZN4j0+u+TM=1EnMYQ@mail.gmail.com |
Lists: | pgsql-hackers |
(please don't top-post. Surely you've been around this community long
enough to know that)
On Sat, Jun 25, 2022 at 1:59 AM Hannu Krosing <hannuk(at)google(dot)com> wrote:
> My understanding was that unless activated by admin these changes
> would change nothing.
>
That is assuming you can do this with changing just a couple of lines of
code. Which you will not be able to do. The risk of back patching something
like that even if off by default is *way* too large.
> And they would be (borderline :) ) security fixes
>
No, they would not. Not any more than adding a new authentication method for
example could be considered a security fix.
> And the versioning policy link actually does not say anything about
> not adding features to older versions (I know this is the policy, just
> pointing out the info is not on that page).
>
Yes it does:
The PostgreSQL Global Development Group releases a new major version
containing new features about once a year. Each major version receives bug
fixes and, if need be, security fixes that are released at least once every
three months in what we call a "minor release."
And slightly further down:
While upgrading will always contain some level of risk, PostgreSQL minor
releases fix only frequently-encountered bugs, security issues, and data
corruption problems to reduce the risk associated with upgrading.
So unless you claim this is a frequently encountered bug (it's not -- it's
acting exactly as intended), security issue (same) or data corruption
(unrelated), it should not go in a minor version. It's very clear.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>