> -----Original Message-----
> From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> Sent: 24 June 2005 18:47
> To: Dave Page
> Cc: PostgreSQL-development; Andreas Pflug
> Subject: Re: [HACKERS] Server instrumentation patch
>
> The security issue is that we didn't want the backend to be able to
> read/write outside of /pgdata, and I think we have that
> working, except
Andreas does indeed appear to be checking to ensure that only files
under $PGDATA can be accessed, by disallowing any paths containing '..'.
> that I have no idea how it will handle config files outside /pgdata.
> Maybe that was in the patch --- I don't know.
My reading of the code is that it should work OK if they are symlinked
from other locations of course, however if hba_file or ident_file are
set to locations outside $PGDATA, then that will not work. The log
directory can be accessed if it is outside $PGDATA.
I'm sure Andreas can confirm this.
> I think we need to see a new patch with just the i/o
> functions so we can
> review it.
Andreas, can you (re)post this please?
> I personally think the I/O functions are a good
> idea, but I
> need to be considerate of others in the community who have concerns.
Of course. I know we're pushing hard to get these included, but it's not
to try to force in a sub-standard solution, it just seems to us like
we're revisiting issues that we thought were resolved.
We'll get there in the end :-)
/D
