Thread: What is unsecure postgres languages? How to disable them?

What is unsecure postgres languages? How to disable them?

From
dipti shah
Date:
Hi,
 
Could anyone please tell me what the unsecure postgres languages are (like C, pgperl, pgpython??)? How to disable them or restrict them only for super user?
 
Thanks,
Dipti

Re: What is unsecure postgres languages? How to disable them?

From
Tino Wildenhain
Date:
Hi,

On 22.02.2010 11:56, dipti shah wrote:
> Hi,
> Could anyone please tell me what is unsecure postgres languages(like C,
> pgperl, pgpython??). How to disable them or restrict them only for super
> user?

They are already restricted to the super user because of their
"insecure" nature. That means those languages allow you full access
to the system (and even some innards of postgresql) with the rights
of the postgresql process. You can remove the language handlers
if you wish:

http://www.postgresql.org/docs/8.1/static/app-droplang.html

Apart from that there is no more risk attached to them
unless you are super user or write insecure functions with them
than, say, with the copy command.

Regards
Tino Wildenhain



Re: What is unsecure postgres languages? How to disable them?

From
"Albe Laurenz"
Date:
dipti shah wrote:
> Could anyone please tell me what is unsecure postgres
> languages(like C, pgperl, pgpython??). How to disable them or
> restrict them only for super user?

I have never heard of "unsecure" languages - what exactly do you mean?

If you mean "untrusted" languages like PL/PerlU, they are not
installed by default *and* they are restricted to superusers.

You cannot disable C functions, but to define them you must also
have superuser privileges.

Yours,
Laurenz Albe

Re: What is unsecure postgres languages? How to disable them?

From
dipti shah
Date:
Sorry Albe for the confusion. Yes, I meant untrusted languages like C, PL/PerlU, PL/PythonU etc...

Thanks a lot to you and Tino for the nice replies. Could you guys tell me how I could verify whether those languages are installed on my PostgreSQL server?

Thanks for being there,
Dipti

On Mon, Feb 22, 2010 at 8:14 PM, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
> dipti shah wrote:
> > Could anyone please tell me what is unsecure postgres
> > languages(like C, pgperl, pgpython??). How to disable them or
> > restrict them only for super user?
>
> I have never heard of "unsecure" languages - what exactly do you mean?
>
> If you mean "untrusted" languages like PL/PerlU, they are not
> installed by default *and* they are restricted to superusers.
>
> You cannot disable C functions, but to define them you must also
> have superuser privileges.
>
> Yours,
> Laurenz Albe

Re: What is unsecure postgres languages? How to disable them?

From
Scott Bailey
Date:
dipti shah wrote:
> Sorry Albe for confusion. Yes, I meant untrusted languages like C,
> PL/PerlU, PL/PythonU etc...
>
> Thanks a lot you and Tino for nice reply. Could you guys tell me how
> could I verify whether those languages are installed on my PostGreSQL
> server?
>
> Thanks for being there,
> Dipti
>
> On Mon, Feb 22, 2010 at 8:14 PM, Albe Laurenz <laurenz.albe@wien.gv.at
> <mailto:laurenz.albe@wien.gv.at>> wrote:
>
>     dipti shah wrote:
>      > Could anyone please tell me what is unsecure postgres
>      > languages(like C, pgperl, pgpython??). How to disable them or
>      > restrict them only for super user?
>
>     I have never heard of "unsecure" languages - what exactly do you mean?
>
>     If you mean "untrusted" languages like PL/PerlU, they are not
>     installed by default *and* they are restricted to superusers.
>
>     You cannot disable C functions, but to define them you must also
>     have superuser privileges.
>
>     Yours,
>     Laurenz Albe
>

As mentioned you can't remove c/internal and for the others, they are
not installed unless you went out of your way to install them.

SELECT *
FROM pg_catalog.pg_language
WHERE lanpltrusted = false;

Scott
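
An added example, not part of the original thread: a follow-on to the pg_language check above that lists the user-defined functions written in untrusted languages, with their owner, SECURITY DEFINER flag and ACL. It uses only standard system catalog columns; excluding the pg_catalog and information_schema schemas as "not user-defined" is an assumption of this example.

```sql
-- Added example (not from the thread): inventory of functions that run in
-- untrusted languages (lanpltrusted = false), e.g. C, PL/PerlU, PL/PythonU.
-- The 'internal' language and the system schemas are filtered out so that
-- only functions somebody installed or wrote show up (assumption: nothing
-- user-defined lives in pg_catalog or information_schema).
SELECT l.lanname                              AS language,
       n.nspname                              AS schema,
       p.oid::regprocedure                    AS function_signature,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner,
       -- true: the function runs with the owner's rights, not the caller's
       p.prosecdef                            AS security_definer,
       -- NULL means default privileges, i.e. EXECUTE is granted to PUBLIC
       p.proacl                               AS acl
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_language  l ON l.oid = p.prolang
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE NOT l.lanpltrusted
  AND l.lanname <> 'internal'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY l.lanname, n.nspname, p.proname;
```

An empty result means no user-defined function runs in an untrusted language. Rows with security_definer = true and a NULL acl deserve the closest review, since any role can call them and they execute with the owner's rights.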