Re: CVE-2019-9193 about COPY FROM/TO PROGRAM

From: Jonathan S. Katz
Subject: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
Msg-id: A2F7EB11-7B4B-452D-8DEA-0DCD88535FE5@postgresql.org
In reply to: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane)
Replies: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Michael Paquier)
Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander)
List: pgsql-general


> On Apr 1, 2019, at 9:55 AM, Tom Lane wrote:
>
> Magnus Hagander writes:
>>> On Sat, Mar 30, 2019 at 10:16 PM Tom Lane wrote:
>>> Yeah; this is supposing that there is a security boundary between
>>> Postgres superusers and the OS account running the server, which
>>> there is not.  We could hardly have features like untrusted PLs
>>> if we were trying to maintain such a boundary.
>
>> I wonder if we need to prepare some sort of official response to that.
>> I was considering writing up a blog post about it, but maybe we need
>> something more official?
>
> Blog post seems like a good idea.  As for an "official" response,
> it strikes me that maybe we need better documentation.

+1, though I’d want to see if people get noisier about it before we rule
out an official response.

A blog post from a reputable author who can speak to security should
be good enough and we can make noise through our various channels.

Jonathan



