Re: Possible major bug in PlPython (plus some other ideas)

From: Kevin Jacobs
Subject: Re: Possible major bug in PlPython (plus some other ideas)
Msg-id: Pine.LNX.4.33.0111091129490.6879-100000@penguin.theopalgroup.com
In reply to: Re: Possible major bug in PlPython (plus some other ideas) (Hannu Krosing <hannu@tm.ee>)
List: pgsql-hackers

> >   1) If Plpython is installed as a trusted language, and from what little I
> >      can glean from the documentation, it should not have any filesystem access.
> >      However, the default behavior of the restricted execution environment
> >      being used allows read-only filesystem access.
>
> we have 'read-only filesystem access anyhow' :

Then I consider this a bug if a non-super-user can do this.

> using copy xxx to '/file/' we have even read-write access, we just can't
> overwrite 0600 files. And you can do only what the postgres user can do.

This is an even bigger bug.  I didn't think I needed to run PostgreSQL in a
chroot jail, but it's looking more like that may be needed.  Any comments
from other developers?  Is this really the security model you want?

If you keep telling me things like this, I'll stop using Postgres!

-Kevin

--
Kevin Jacobs
The OPAL Group - Enterprise Systems Architect
Voice: (216) 986-0710 x 19         E-mail: jacobs@theopalgroup.com
Fax:   (216) 986-0714              WWW:    http://www.theopalgroup.com
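
An added audit example (not part of the original message or of the PostgreSQL project's code) for the two access paths discussed above: procedural languages marked trusted, and server-side file access through COPY. It assumes a current PostgreSQL release; the catalog columns and the predefined roles `pg_read_server_files` and `pg_write_server_files` come from modern versions, not from the 2001 thread.

```sql
-- Added example: run as a superuser in each database you want to audit.

-- 1) Installed procedural languages, whether each is marked trusted,
--    and how many functions are written in it.
SELECT l.lanname,
       l.lanpltrusted AS trusted,
       count(p.oid)   AS functions_defined
FROM pg_language l
LEFT JOIN pg_proc p ON p.prolang = l.oid
WHERE l.lanispl
GROUP BY l.lanname, l.lanpltrusted
ORDER BY l.lanname;

-- 2) Procedural-language functions owned by non-superusers. These are the
--    functions whose safety depends on the language's sandbox holding.
SELECT n.nspname AS schema,
       p.proname AS function,
       l.lanname AS language,
       r.rolname AS owner
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE l.lanispl
  AND NOT r.rolsuper
ORDER BY l.lanname, n.nspname, p.proname;

-- 3) Roles able to use COPY ... TO/FROM a file on the server:
--    superusers and members of the predefined server-file roles.
SELECT r.rolname,
       r.rolsuper,
       pg_has_role(r.oid, 'pg_read_server_files',  'member') AS can_read_files,
       pg_has_role(r.oid, 'pg_write_server_files', 'member') AS can_write_files
FROM pg_roles r
WHERE r.rolname !~ '^pg_'
  AND (r.rolsuper
       OR pg_has_role(r.oid, 'pg_read_server_files',  'member')
       OR pg_has_role(r.oid, 'pg_write_server_files', 'member'))
ORDER BY r.rolname;
```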
