Re: Possibility to disable `ALTER SYSTEM` - Mailing list pgsql-hackers

From David G. Johnston
Subject Re: Possibility to disable `ALTER SYSTEM`
Date
Msg-id CAKFQuwbih7t2xG7+_b_mNUYV=XZ4HJYXmSghFKy7JaJa9qz9yQ@mail.gmail.com
In response to Re: Possibility to disable `ALTER SYSTEM`  ("Joel Jacobson" <joel@compiler.org>)
List pgsql-hackers
On Wednesday, February 7, 2024, Joel Jacobson <joel@compiler.org> wrote:

> On Fri, Sep 8, 2023, at 23:43, Magnus Hagander wrote:
> > We need an "allowlist" of things a user can do, rather than a blocklist
> > of "they can do everything they can possibly think of and a computer
> > is capable of doing, except for this one specific thing". Blocklisting
> > individual permissions of a superuser will never be secure.
>
> +1 for preferring an "allowlist" approach over a blocklist.

The status quo is allow everything, so while the theory is nice, it seems that requiring it to be allowlist is just going to scare anyone off of actually improving matters.

Also, this isn’t necessarily about blocking the superuser, it is about effectively disabling features deemed undesirable at runtime. All features enabled by default seems like a valid policy.

While the only features likely to be disabled are those involving someone’s definition of security, the security policy is still that superuser can do everything the system is capable of doing.

David J.
