Home > mailing lists

Re: AW: AW: "setuid" functions, a solution to the RI privil ege problem - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: AW: AW: "setuid" functions, a solution to the RI privil ege problem
Date	September 18, 2000 18:54:07
Msg-id	Pine.LNX.4.21.0009181159260.380-100000@peter Whole thread Raw
In response to	AW: AW: "setuid" functions, a solution to the RI privil ege problem (Zeugswetter Andreas SB <ZeugswetterA@wien.spardat.at>)
List	pgsql-hackers

Tree view

Zeugswetter Andreas SB writes:

> Since you can write extensions to PostgreSQL that reach far into the OS,
> it does make sense to execute those extensions under a "non priviledged"
> user, and not postgres.

Agreed.

> This OS user would somehow be tied to the username that the client
> passes as his credentials (and that we trust to be authenticated).

Not agreed. It's a feature, not an accident, that client user names,
server OS user names, and database user names are independent. The mapping
of database user names to server OS user names needs to have a separate
mapping and authentication system, which could probably be similar to the
existing client authentication, but still separate.

-- 
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/

pgsql-hackers by date:

From: Alfred Perlstein
Date: 18 September 2000, 17:17:23
Subject: Re: Library versioning

From: Peter Eisentraut
Date: 18 September 2000, 18:59:37
Subject: Re: ascii to character conversion in postgres

Re: AW: AW: "setuid" functions, a solution to the RI privil ege problem - Mailing list pgsql-hackers

Previous

Next