Re: allowing privileges on untrusted languages - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: allowing privileges on untrusted languages
Msg-id 5153563F.4040706@gmx.net
In response to Re: allowing privileges on untrusted languages  (Kohei KaiGai <kaigai@kaigai.gr.jp>)
List pgsql-hackers
On 1/19/13 8:45 AM, Kohei KaiGai wrote:
> I think it is time to investigate separation of database superuser privileges
> into several fine-grained capabilities, as operating systems do.
> https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h

The Linux capabilities system exists because there is no normal file
system object to attach the privileges to.  If there were
/dev/somethings for all of these things, there would be no need for the
capabilities thing.

In this case, the privileges system already exists.  We just need to use it.


