On 2012-12-05 16:20:41 -0500, Tom Lane wrote:
> Dimitri Fontaine <dimitri@2ndQuadrant.fr> writes:
> >> On 2012-12-05 13:18:16 -0500, Tom Lane wrote:
> >>> I think you're wasting your time to imagine that that case will ever be
> >>> "fixed". Allowing the server to scribble on executable files would set
> >>> off all kinds of security alarm bells, and rightly so. If Postgres ever
> >>> did ship with such a thing, I rather imagine that I'd be required to
> >>> patch it out of Red Hat releases (not that SELinux wouldn't prevent
> >>> it from happening anyway).
>
> > That part I did understand. I still can't be happy about it, but I won't
> > get back with any proposal where that's put into questions. That said,
> > while you're talking about it, what if it's an opt-in GUC?
>
> GUC or no GUC, it'd still be letting an unprivileged network-exposed
> application (PG) do something that's against any sane system-level
> security policy. Lipstick is not gonna help this pig.
What about the non-writable per cluster directory? Thats something I've
actively wished for in the past when developing a C module thats also
used in other clusters.
Greetings,
Andres Freund