Re: Identifying user-created objects - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Identifying user-created objects
Date
Msg-id 20200305052320.GS2593@paquier.xyz
Whole thread Raw
In response to Re: Identifying user-created objects  (Fujii Masao <masao.fujii@oss.nttdata.com>)
List pgsql-hackers
On Wed, Mar 04, 2020 at 06:57:00PM +0900, Fujii Masao wrote:
> Yes. But I'm sure that DBA has already considered the measures
> againt such threads. Otherwise malicious users can do anything
> more malicious rather than changing oid.

A superuser is by definition able to do anything on the system using
the rights of the OS user running the Postgres backend.  One thing for
example is to take a base backup of the full instance, but you can do
much more interesting things once you have such rights.  So I don't
quite get the line of arguments used on this thread regarding the
relation with somebody being malicious with superuser rights, and the
arguments about a superuser able to manipulate freely the catalog's
contents.
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: Cast to uint16 in pg_checksum_page()
Next
From: Masahiko Sawada
Date:
Subject: Re: Identifying user-created objects