Home > mailing lists

Re: allowing privileges on untrusted languages - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: allowing privileges on untrusted languages
Date	March 27, 2013 23:27:54
Msg-id	5153563F.4040706@gmx.net Whole thread Raw
In response to	Re: allowing privileges on untrusted languages (Kohei KaiGai <kaigai@kaigai.gr.jp>)
List	pgsql-hackers

Tree view

On 1/19/13 8:45 AM, Kohei KaiGai wrote:
> I think, it is a time to investigate separation of database superuser privileges
> into several fine-grained capabilities, like as operating system doing.
> https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h

The Linux capabilities system exists because there is no normal file
system object to attach the privileges to.  If there were
/dev/somethings for all of these things, there would not no need for the
capabilities thing.

In this case, the privileges system already exists.  We just need to use it.

pgsql-hackers by date:

From: Peter Eisentraut
Date: 27 March 2013, 23:23:07
Subject: Re: allowing privileges on untrusted languages

From: Peter Eisentraut
Date: 27 March 2013, 23:35:11
Subject: Re: replace plugins directory with GUC

Re: allowing privileges on untrusted languages - Mailing list pgsql-hackers

Previous

Next