Home > mailing lists

Re: Hardening PostgreSQL via (optional) ban on local file system access - Mailing list pgsql-hackers

From	Andrey Borodin
Subject	Re: Hardening PostgreSQL via (optional) ban on local file system access
Date	June 25, 2022 20:17:28
Msg-id	84B1DBFF-F0AF-40F1-B4AB-F2988839F13C@yandex-team.ru Whole thread Raw
In response to	Hardening PostgreSQL via (optional) ban on local file system access (Hannu Krosing <hannuk@google.com>)
List	pgsql-hackers

Tree view

> On 25 Jun 2022, at 03:08, Hannu Krosing <hannuk@google.com> wrote:
>
> Currently the file system access is controlled via being a SUPREUSER

My 2 cents. Ongoing work on making superuser access unneeded seems much more relevant to me.
IMO superuser == full OS access available from postgres process. I think there's uncountable set of ways to affect OS
fromsuperuser. 
E.g. you can create a TOAST value compressed by pglz that allows you to look few kilobytes before detoasted datum. Or
makean archive_command = 'gcc my shell code'. 
It's not even funny to invent things that you can hack as a superuser.

Best regards, Andrey Borodin.

pgsql-hackers by date:

From: Noah Misch
Date: 25 June 2022, 20:15:33
Subject: Re: Postgres perl module namespace

From: Andrey Borodin
Date: 25 June 2022, 22:10:11
Subject: Re: Amcheck verification of GiST and GIN

Re: Hardening PostgreSQL via (optional) ban on local file system access - Mailing list pgsql-hackers

Previous

Next