Re: How to create c language in postgresql database. Thanks.

On Wed, Jun 13, 2012 at 12:19 AM, Craig Ringer <[hidden email]> wrote:

> On 06/13/2012 12:45 PM, Chris Travers wrote:
>>
>> On Tue, Jun 12, 2012 at 11:47 AM, John R Pierce <[hidden email]>
>> wrote:
>>>
>>> On 06/12/12 11:25 AM, leaf_yxj wrote:
>>>>
>>>> Thanks. You guys are right. I check the database. The C programm is
>>>> there.
>>>>   ----- but why our application team keep ask me to give them the
>>>> superuser
>>>> privileges to create the C function. Should they use the superuser to
>>>> create
>>>> the C function. if yes , why they need it?
>>>
>>>
>>> yes, only a sql superuser can define a C function, as these have total
>>> access to crashing postgres's innards.
>>>
>> Not just the innards, but the file system (could be used to overwrite
>> data files), arbitrary system commands, etc......
>
> Hopefully not arbitrary system commands, in that I really hope nobody's nuts
> enough to run PostgreSQL as root or with write access to its own binaries.
> The data files are fair game, though, and replacement/modification of
> commands is probably possible in weaker installations.

Maybe not as arbitrary as it would as root, but at least arbitrary in
the sense of "able to do or access anything that the system will let
the Postgres process access."  That means all binaries an ordinary
user can access and all system calls that don't require root unless
you lock things down using something like SELinux.....

Best Wishes,
Chris Travers

--
Sent via pgsql-general mailing list ([hidden email])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

---

If you reply to this email, your message will be added to the discussion below:

http://postgresql.1045698.n5.nabble.com/How-to-create-c-language-in-postgresql-database-Thanks-tp5712221p5712359.html

To unsubscribe from How to create c language in postgresql database. Thanks., click here.
NAML