On 06/13/2012 12:45 PM, Chris Travers wrote:
> On Tue, Jun 12, 2012 at 11:47 AM, John R Pierce <pierce@hogranch.com> wrote:
>> On 06/12/12 11:25 AM, leaf_yxj wrote:
>>> Thanks. You guys are right. I check the database. The C programm is there.
>>> ----- but why our application team keep ask me to give them the superuser
>>> privileges to create the C function. Should they use the superuser to create
>>> the C function. if yes , why they need it?
>>
>> yes, only a sql superuser can define a C function, as these have total
>> access to crashing postgres's innards.
>>
> Not just the innards, but the file system (could be used to overwrite
> data files), arbitrary system commands, etc......
Hopefully not arbitrary system commands, in that I really hope nobody's
nuts enough to run PostgreSQL as root or with write access to its own
binaries. The data files are fair game, though, and
replacement/modification of commands is probably possible in weaker
installations.
--
Craig Ringer