Re: For review: Server instrumentation patch
| От | Tom Lane |
|---|---|
| Тема | Re: For review: Server instrumentation patch |
| Дата | |
| Msg-id | 18447.1122410015@sss.pgh.pa.us обсуждение |
| Ответ на | Re: For review: Server instrumentation patch ("Magnus Hagander" <mha@sollentuna.net>) |
| Список | pgsql-hackers |
"Magnus Hagander" <mha@sollentuna.net> writes:
>>> If you want to secure your system against a superuser()-level
>>> intrusion then you need to secure the unix account, or disable
>>> creation of C-language and other untrusted languages (at least).
>>
>> Very likely --- which is why Magnus' idea of an explicit
>> switch to prevent superuser filesystem access seems
>> attractive to me. It'd have to turn off LOAD and creation of
>> new C functions as well as COPY and the other stuff we discussed.
> So would a patch to do this be accepted for 8.1 even though we are past
> feature freeze?
Given that we don't even have a design for it, I think it's a bit late
for 8.1 :-(.
Both Bruce and I have way more on our plates than we could wish, and the
other committers aren't getting a lot done, so the originally hoped-for
beta date of 1 Aug is looking completely out of reach. So adding yet
more stuff to the queue isn't going to get looked upon with great favor.
> And finally, with something like that in place, would you be fine with
> the file editing functions as they stand (limiting them to the pg
> directories, as I believe it does)?
I'm OK with them even without the directory limitation as long as
there's a way to disable them. However, I fear the whole thing has to
wait for 8.2 at this point.
regards, tom lane
В списке pgsql-hackers по дате отправления: