Re: For review: Server instrumentation patch - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: For review: Server instrumentation patch
Date
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE09461E@algol.sollentuna.se
Whole thread Raw
In response to For review: Server instrumentation patch  ("Dave Page" <dpage@vale-housing.co.uk>)
Responses Re: For review: Server instrumentation patch
List pgsql-hackers
> > If you want to secure your system against a superuser()-level
> > intrusion then you need to secure the unix account, or disable
> > creation of C-language and other untrusted languages (at least).
>
> Very likely --- which is why Magnus' idea of an explicit
> switch to prevent superuser filesystem access seems
> attractive to me.  It'd have to turn off LOAD and creation of
> new C functions as well as COPY and the other stuff we discussed.

So would a patch to do this be accepted for 8.1 even though we are past
feature freeze?

And if yes, would you like me to give I a shot or would you rather do it
yourself? (As I'm sure it'd need tweaking)

And finally, with something like that in place, would you be fine with
the file editing functions as they stand (limiting them to the pg
directories, as I believe it does)?


//Magnus


pgsql-hackers by date:

Previous
From: David Wheeler
Date:
Subject: Re: Segfault Exiting psql
Next
From: "Jim C. Nasby"
Date:
Subject: ENUM type