Re: Server instrumentation patch

> -----Original Message-----
> From: Bruce Momjian [mailto:pgman(at)candle(dot)pha(dot)pa(dot)us]
> Sent: 24 June 2005 18:47
> To: Dave Page
> Cc: PostgreSQL-development; Andreas Pflug
> Subject: Re: [HACKERS] Server instrumentation patch
>
> The security issue is that we didn't want the backend to be able to
> read/write outside of /pgdata, and I think we have that
> working, except

Andreas does indeed appear to be checking to ensure that only files
under $PGDATA can be accessed, by disallowing any paths containing '..'.

> that I have no idea how it will handle config files outside /pgdata.
> Maybe that was in the patch --- I don't know.

My reading of the code is that it should work OK if they are symlinked
from other locations of course, however if hba_file or ident_file are
set to locations outside $PGDATA, then that will not work. The log
directory can be accessed if it is outside $PGDATA.

I'm sure Andreas can confirm this.

> I think we need to see a new patch with just the i/o
> functions so we can
> review it.

Andreas, can you (re)post this please?

> I personally think the I/O functions are a good
> idea, but I
> need to be considerate of others in the community who have concerns.

Of course. I know we're pushing hard to get these included, but it's not
to try to force in a sub-standard solution, it just seems to us like
we're revisiting issues that we thought were resolved.

We'll get there in the end :-)

/D