On Fri, Nov 16, 2001 at 05:02:13PM +0100, Klaus Reger wrote:
> > "Klaus Reger" <K.Reger@twc.de> writes:
> >> I've made a patch, that introduces an entry in the PostgreSQL-config
> >> file. You can set a drirectory, where all imports/exports can happen.
> >> If nothing is set (the default), no imports/exports on the server-side
> >> are allowed. To enhance the security, no reading/writung is allowed
> >> from/to non-regular files (block-devs, symlinks, etc.)
> >
> > This is trivially defeatable, assuming that the "import/export"
> > directory is world writable (if it isn't, importing will be tough).
>
> ...
> > While you could patch around these particular attacks by further
> > restricting the filenames, the bottom line is that server-side LO
> > operations are just inherently insecure.
> >
> > regards, tom lane
>
> Ok, you're right, but is it acceptable, to configure this, using the
> configfile, rather than with a compile-option?
You can always use client-site LO operations without this restriction.IMHO server-site LO operations is needless and a
littledirty feature.
May by add to our privilege system support for LO operations too. Butour current privilege system is very inflexible
forchanges1...
Karel
-- Karel Zak <zakkr@zf.jcu.cz>http://home.zf.jcu.cz/~zakkr/C, PostgreSQL, PHP, WWW, http://docs.linux.cz,
http://mape.jcu.cz