Home > mailing lists

Re: Directory/File Access Permissions for COPY and Generic File Access Functions - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Date	October 29, 2014 23:42:06
Msg-id	CA+TgmoZFBJvgUAn43Ci684ED8m3LsKbUE_VAEOLjA5JKd6yA2g@mail.gmail.com Whole thread Raw
In response to	Re: Directory/File Access Permissions for COPY and Generic File Access Functions (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Directory/File Access Permissions for COPY and Generic File Access Functions
List	pgsql-hackers

Tree view

On Wed, Oct 29, 2014 at 3:31 PM, Stephen Frost <sfrost@snowman.net> wrote:
> I still don't particularly like it and, frankly, the limitations we've
> come up with thus far are not issues for my use-cases and I'd rather
> have them and be able to say "yes, you can use this with some confidence
> that it won't trivially bypass the DB security or provide a way to crash
> the DB".

I think it *will* trivially bypass the DB security.  If trivial means
"it can be done by anyone with no work at all", then, OK, it's not
trivial.  If it means "it can be done by a reasonably skilled engineer
without too much trouble", then it's trivial.  To call it a security
feature, I think the bar needs to be higher than that.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Tom Lane
Date: 29 October 2014, 23:39:12
Subject: Re: Directory/File Access Permissions for COPY and Generic File Access Functions

From: Stephen Frost
Date: 29 October 2014, 23:53:21
Subject: Re: Directory/File Access Permissions for COPY and Generic File Access Functions

Re: Directory/File Access Permissions for COPY and Generic File Access Functions - Mailing list pgsql-hackers

Previous

Next