Re: For review: Server instrumentation patch - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: For review: Server instrumentation patch
Date
Msg-id 42E4D0B4.7020603@dunslane.net
Whole thread Raw
In response to Re: For review: Server instrumentation patch  ("Magnus Hagander" <mha@sollentuna.net>)
Responses Re: For review: Server instrumentation patch
List pgsql-hackers

Magnus Hagander wrote:

>
>Instead of trying to pick on one feature, how about trying something
>constructive instead? Let's say we add a GUC like "restrict_superuser",
>that disables COPY to local files, untrusted procedural languages (both
>creation and using the ones that already exist), the new access
>functions, the LOAD command etc. Then the admin can chose what to do
>about superuser access levels - the requirement may dependon SELinux for
>example. 
>  
>

I could go for this.

Creating a setting that disallowed creation/calling of  plperlu 
functions would be fairly trivial.

I still think, security considerations aside, that an API for config 
settings would be a much better piece of design than providing file 
system access functions.

cheers

andrew


pgsql-hackers by date:

Previous
From: "Magnus Hagander"
Date:
Subject: Re: For review: Server instrumentation patch
Next
From: ohp@pyrenet.fr
Date:
Subject: Re: regression failure on latest CVS