Re: How to create c language in postgresql database. Thanks. - Mailing list pgsql-general

From Chris Travers
Subject Re: How to create c language in postgresql database. Thanks.
Date
Msg-id CAKt_ZfsX3kCg+p5X6Wy13UsRe_Rw=oH4dT9_UX8TqQeh0dXMjg@mail.gmail.com
Whole thread Raw
In response to Re: How to create c language in postgresql database. Thanks.  (Craig Ringer <ringerc@ringerc.id.au>)
Responses Re: How to create c language in postgresql database. Thanks.  (leaf_yxj <leaf_yxj@163.com>)
List pgsql-general
On Wed, Jun 13, 2012 at 12:19 AM, Craig Ringer <ringerc@ringerc.id.au> wrote:
> On 06/13/2012 12:45 PM, Chris Travers wrote:
>>
>> On Tue, Jun 12, 2012 at 11:47 AM, John R Pierce <pierce@hogranch.com>
>> wrote:
>>>
>>> On 06/12/12 11:25 AM, leaf_yxj wrote:
>>>>
>>>> Thanks. You guys are right. I check the database. The C programm is
>>>> there.
>>>>   ----- but why our application team keep ask me to give them the
>>>> superuser
>>>> privileges to create the C function. Should they use the superuser to
>>>> create
>>>> the C function. if yes , why they need it?
>>>
>>>
>>> yes, only a sql superuser can define a C function, as these have total
>>> access to crashing postgres's innards.
>>>
>> Not just the innards, but the file system (could be used to overwrite
>> data files), arbitrary system commands, etc......
>
> Hopefully not arbitrary system commands, in that I really hope nobody's nuts
> enough to run PostgreSQL as root or with write access to its own binaries.
> The data files are fair game, though, and replacement/modification of
> commands is probably possible in weaker installations.

Maybe not as arbitrary as it would as root, but at least arbitrary in
the sense of "able to do or access anything that the system will let
the Postgres process access."  That means all binaries an ordinary
user can access and all system calls that don't require root unless
you lock things down using something like SELinux.....

Best Wishes,
Chris Travers

pgsql-general by date:

Previous
From: Craig Ringer
Date:
Subject: Re: How to create c language in postgresql database. Thanks.
Next
From: Thomas Kellerer
Date:
Subject: Re: Create view is not accepting the parameter in postgres functions