Re: For review: Server instrumentation patch - Mailing list pgsql-hackers

From Tom Lane
Subject Re: For review: Server instrumentation patch
Date
Msg-id 14783.1122243172@sss.pgh.pa.us
Whole thread Raw
In response to Re: For review: Server instrumentation patch  (Andrew Dunstan <andrew@dunslane.net>)
Responses Re: For review: Server instrumentation patch
List pgsql-hackers
Andrew Dunstan <andrew@dunslane.net> writes:
> It could be argued that there should be provision for a limitation on 
> the locations in which COPY can write (and maybe read) files.
> If COPY is a security hole then we should close it, not use that as 
> precedent to open another hole.

Yeah.  It's worth pointing out in this connection that server-side
COPY is already pretty well crippled if you are running under SELinux,
because the security policy constrains what parts of the filesystem
the daemon can reach at all.  I've already been thinking seriously
of proposing that the regression tests be converted to use only
\copy and not COPY, because it's difficult to run them against an
installed server on Fedora 4, and it may be impossible in the near
future.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Andrew Dunstan
Date:
Subject: Re: For review: Server instrumentation patch
Next
From: Andrew Dunstan
Date:
Subject: Re: More buildfarm stuff