Re: [HACKERS] Function to kill backend
| От | Andrew Dunstan |
|---|---|
| Тема | Re: [HACKERS] Function to kill backend |
| Дата | |
| Msg-id | 406EE17E.4020103@dunslane.net обсуждение исходный текст |
| Список | pgsql-patches |
Magnus Hagander wrote: > > >>I think any such facility is inherently a security risk, since it means >> >> >>that a remote attacker who's managed to break into your superuser >>account can randomly zap other backends. Now admittedly there's plenty >> >> >>of other mischief he can do with superuser privs, but that doesn't mean >> >> >>we should hand him a pre-loaded, pre-sighted cannon. >>Having to log into the database server locally to execute such >>operations doesn't seem that bad to me. >> >> > >It does to me. I prefer being able to admin the server without having to >do a separate login. I also much prefer being able to delegate the >capability to terminate a backend, interrupt a long-running query, etc >to someone who does not have to have shell access on the server. I guess >it depends on the environment. > > > >>Bruce Momjian <pgman@candle.pha.pa.us> writes: >> >> > > > >>>If they can read/write your data (as superuser), killing backends is >>> >>> >the > > >>>least worry. >>> >>> > >That's pretty much the assumption I was working under. > > > Perhaps for the paranoid we could invent a setting which turns the facility off. Personally, I don't usually allow a superuser *any* access except from the local host - maybe that would be an answer. cheers andrew
В списке pgsql-patches по дате отправления: