Re: Hardening PostgreSQL via (optional) ban on local file system access - Mailing list pgsql-hackers

From Andres Freund
Subject Re: Hardening PostgreSQL via (optional) ban on local file system access
Date
Msg-id 20220629070534.pszwogdz2ooczwvu@alap3.anarazel.de
In response to Re: Hardening PostgreSQL via (optional) ban on local file system access  (Laurenz Albe <laurenz.albe@cybertec.at>)
Responses Re: Hardening PostgreSQL via (optional) ban on local file system access
List pgsql-hackers
Hi,

On 2022-06-29 08:51:10 +0200, Laurenz Albe wrote:
> On Tue, 2022-06-28 at 16:27 -0700, Andres Freund wrote:
> > > Experience shows that 99% of the time one can run PostgreSQL just fine
> > > without a superuser
> > 
> > IME that's not at all true. It might not be needed interactively, but that's
> > not all the same as not being needed at all.
> 
> I also disagree with that.  Not having a superuser is one of the pain
> points with using a hosted database: no untrusted procedural languages,
> no untrusted extensions (unless someone hacked up PostgreSQL or provided
> a workaround akin to a SECURITY DEFINER function), etc.

I'm not sure what exactly you're disagreeing with? I'm not saying that
superuser isn't needed interactively in general, just that there are
reasonably common scenarios in which that's the case.

Greetings,

Andres Freund


