Re: dblink connection security - Mailing list pgsql-patches

From Stephen Frost
Subject Re: dblink connection security
Date
Msg-id 20070709141200.GW4887@tamriel.snowman.net
Whole thread Raw
In response to Re: dblink connection security  (Joe Conway <mail@joeconway.com>)
Responses Re: dblink connection security  (Joe Conway <mail@joeconway.com>)
List pgsql-patches
* Joe Conway (mail@joeconway.com) wrote:
> Get serious. Internal functions are specifically designed and maintained to
> be safe within the confines of the database security model. We are
> discussing extensions to the core, all of which must be installed by
> choice, by a superuser.

Extensions should also be designed and maintained to be safe within the
confines of the database security model.  Having to be installed by a
superuser doesn't change that.  I would consider it a serious risk which
would need to be fixed if, for example, a function in PostGIS was found
to allow priviledge escalation by a user.  Claiming it was installed "by
choice, by a superuser" doesn't change that.

It's about as good as saying "Well, an admin had to install PostgreSQL
on the system, by choice, and therefore we don't need to worry about PG
allowing someone remote shell access to the system".

    Thanks,

        Stephen

Attachment

pgsql-patches by date:

Previous
From: Zdenek Kotala
Date:
Subject: Re: script binaries renaming
Next
From: Gregory Stark
Date:
Subject: Re: dblink connection security