From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
---|---|
To: | Andres Freund <andres(at)anarazel(dot)de> |
Cc: | Hannu Krosing <hannuk(at)google(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Pang <robertpang(at)google(dot)com> |
Subject: | Re: Hardening PostgreSQL via (optional) ban on local file system access |
Date: | 2022-06-29 10:48:57 |
Message-ID: | d94f69a523ad00e3f0b20e06061f8a80c99e0468.camel@cybertec.at |
Lists: | pgsql-hackers |

On Wed, 2022-06-29 at 00:05 -0700, Andres Freund wrote:
> On 2022-06-29 08:51:10 +0200, Laurenz Albe wrote:
> > On Tue, 2022-06-28 at 16:27 -0700, Andres Freund wrote:
> > > > Experience shows that 99% of the time one can run PostgreSQL just fine
> > > > without a superuser
> > >
> > > IME that's not at all true. It might not be needed interactively, but that's
> > > not all the same as not being needed at all.
> >
> > I also disagree with that. Not having a superuser is one of the pain
> > points with using a hosted database: no untrusted procedural languages,
> > no untrusted extensions (unless someone hacked up PostgreSQL or provided
> > a workaround akin to a SECURITY DEFINER function), etc.
>
> I'm not sure what exactly you're disagreeing with? I'm not saying that
> superuser isn't needed interactively in general, just that there are
> reasonably common scenarios in which that's the case.

I was unclear, sorry. I agreed with you that you can't do without superuser
and disagreed with the claim that 99% of the time nobody needs superuser
access.

Yours,
Laurenz Albe