Home > mailing lists

Re: "Bug" report - Serious (local shell) - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: "Bug" report - Serious (local shell)
Date	August 14, 2003 19:46:00
Msg-id	6915.1060888963@sss.pgh.pa.us Whole thread Raw
In response to	"Bug" report - Serious (local shell) (Diego Linke - GAMK <linke@calnet.com.br>)
List	pgsql-bugs

Tree view

Diego Linke - GAMK <linke@calnet.com.br> writes:
> The problem is that postgresql when calls a function in external C,
> calls with user of the postgres.

The ability to create C functions is reserved to superusers, for exactly
this reason.  If you have the rights to make the backend execute
arbitrary C code, you hardly need a shell to do something nasty.

In short, this is not a bug.  Don't give superuser privileges to people
you cannot trust.

            regards, tom lane

pgsql-bugs by date:

From: Stephan Szabo
Date: 14 August 2003, 18:46:59
Subject: Re: "Bug" report - Serious (local shell)

From: Diego Linke - GAMK
Date: 14 August 2003, 20:09:34
Subject: Re: "Bug" report - Serious (local shell)

Re: "Bug" report - Serious (local shell) - Mailing list pgsql-bugs

Previous

Next