Home > mailing lists

Re: Hardening PostgreSQL via (optional) ban on local file system access - Mailing list pgsql-hackers

From	Laurenz Albe
Subject	Re: Hardening PostgreSQL via (optional) ban on local file system access
Date	June 29, 2022 09:51:10
Msg-id	2c3408a04a94f482247a8e646f5778d7b92a4923.camel@cybertec.at Whole thread Raw
In response to	Re: Hardening PostgreSQL via (optional) ban on local file system access (Andres Freund <andres@anarazel.de>)
Responses	Re: Hardening PostgreSQL via (optional) ban on local file system access (Andres Freund <andres@anarazel.de>) Re: Hardening PostgreSQL via (optional) ban on local file system access (Hannu Krosing <hannuk@google.com>)
List	pgsql-hackers

Tree view

On Tue, 2022-06-28 at 16:27 -0700, Andres Freund wrote:
> > Experience shows that 99% of the time one can run PostgreSQL just fine
> > without a superuser
> 
> IME that's not at all true. It might not be needed interactively, but that's
> not all the same as not being needed at all.

I also disagree with that.  Not having a superuser is one of the pain
points with using a hosted database: no untrusted procedural languages,
no untrusted extensions (unless someone hacked up PostgreSQL or provided
a workaround akin to a SECURITY DEFINER function), etc.

Yours,
Laurenz Albe

pgsql-hackers by date:

From: Alexander Pyhalov
Date: 29 June 2022, 09:45:49
Subject: Re: CREATE INDEX CONCURRENTLY on partitioned index

From: Pantelis Theodosiou
Date: 29 June 2022, 09:55:55
Subject: Re: PostgreSQL 15 beta 2 release announcement draft

Re: Hardening PostgreSQL via (optional) ban on local file system access - Mailing list pgsql-hackers

Previous

Next