Quick Links

Re: Hardening PostgreSQL via (optional) ban on local file system access

From:	Jeff Davis <pgsql(at)j-davis(dot)com>
To:	Hannu Krosing <hannuk(at)google(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>
Cc:	pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Pang <robertpang(at)google(dot)com>, Andres Freund <andres(at)anarazel(dot)de>
Subject:	Re: Hardening PostgreSQL via (optional) ban on local file system access
Date:	2022-06-29 05:17:17
Message-ID:	b139681f3f24416536c0193fe6cc2fac0ceb8e5d.camel@j-davis.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Tue, 2022-06-28 at 23:18 +0200, Hannu Krosing wrote:
> I was not after *completely* removing it, but just having an option
> which makes the superuser() function always return false.

Did you test that? I'm guessing that would cause lots of problems,
e.g., installing extensions.

Regards,
Jeff Davis

In response to

Re: Hardening PostgreSQL via (optional) ban on local file system access at 2022-06-28 21:18:56 from Hannu Krosing

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Jeff Davis	2022-06-29 05:32:31	Re: Export log_line_prefix(); useful for emit_log_hook.
Previous Message	Michael Paquier	2022-06-29 04:35:44	Re: Allowing REINDEX to have an optional name