> > Because I wanted the standard platform behaviour of both.
> For backend
> > storage subsystem purposes, it's certainly necessary to emulate *ix
> > behaviour of deleting a file in use, but for generic file
> access IMHO
> > the generic behaviour should be exposed.
>
> I'm going to repeat my firm opposition to this patch. Under
> the innocuous-sounding banner of "server instrumentation",
> you are once again trying to put in generic file access
> capabilities that will allow remote Postgres superusers full
> access to the server filesystem.
>
> The potential security risks of this are obvious to anyone.
> The only justification that has been offered is "this will
> make remote administration easier". Well, yeah, but it will
> make remote breakins easier too. Valuing ease of use over
> security is the philosophy that got Microsoft into the mess
> they're in now --- do we want to follow that precedent?
How is this different from the fact that the superuser can already use
COPY to accomplish the same thing? Sure, you have to go through a
temporary table but if you're superuser that is not exactly a problem.
You can read/write any file the service account has permissions on.
//Magnus
