Postgres Pro
Downloads
Home   >   mailing lists

Thread: lo_ and SU privs

lo_ and SU privs

From
Bell John
Date:
Under PostgreSQL 7.1.3 (RH Linux 7.1 platform) I get
the following whenever trying to manipulate large
objects either from psql or sql oriented API's (eg.
PoPy, psycopg, pypgsql (DPAPI kit)):

You must have Postgres superuser privilege to use
server-side lo_import.  Anyone can use the client-side
lo_import provided by libpq.

Is there any way to disable this behaviour or to give
a user the priviliges that are being looked for?  This
effectively cripples the vast majority of programmatic
interfaces to PostgreSQL ie. all those that are more
than wrappers around libpq.

John

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

Re: lo_ and SU privs

From
Tom Lane
Date:
Bell John <jbelllinux@yahoo.com> writes:
> You must have Postgres superuser privilege to use
> server-side lo_import.  Anyone can use the client-side
> lo_import provided by libpq.

> Is there any way to disable this behaviour or to give
> a user the priviliges that are being looked for?  This
> effectively cripples the vast majority of programmatic
> interfaces to PostgreSQL ie. all those that are more
> than wrappers around libpq.

Not in the least: you just have to use the interface it's telling you to
use, ie, the lo_import/lo_export libpq functions.  (If you are writing
psql scripts, see \lo_import and \lo_export.)

If you are really intent on using backend-side lo_import and lo_export
from non-superuser ids, there is an ALLOW_DANGEROUS_LO_FUNCTIONS option
you could turn on in pg_config.h.  Do understand however that that is
a security hole a mile wide: anyone who can get at backend lo_export
can trivially break into your postgres user account, eg, by creating
a ~/.rhosts file.  You might as well just let all your DB users be
superusers.

            regards, tom lane

Re: lo_ and SU privs

From
Peter Eisentraut
Date:
Bell John writes:

> You must have Postgres superuser privilege to use
> server-side lo_import.  Anyone can use the client-side
> lo_import provided by libpq.
>
> Is there any way to disable this behaviour

No.

> or to give a user the priviliges that are being looked for?

I believe it said something about superuser, no? ;-)

> This effectively cripples the vast majority of programmatic interfaces
> to PostgreSQL ie. all those that are more than wrappers around libpq.

I think you might have a misunderstanding what is going on here.  You are
trying to use the server-side lo_import() function, which reads from the
server's file system.  That is a) a security hole, and b) mostly useless.
What you want is the lo_import function libpq or the equivalent in the
other interfaces.  If the interface in question doesn't have it, then
perhaps the interface should be fixed, but that is hard to judge without
knowing the details.

--
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter