Re: allow building trusted languages without the untrusted versions

From Bruce Momjian
Subject Re: allow building trusted languages without the untrusted versions
Msg-id Yo1wKuifvjUfv4hb@momjian.us
In response to Re: allow building trusted languages without the untrusted versions  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: allow building trusted languages without the untrusted versions  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Tue, May 24, 2022 at 02:10:19PM -0400, Robert Haas wrote:
> I guess one question is at what level we want to disable these various
> things. Your original proposal seemed reasonable to me because I feel
> like users who are compiling PostgreSQL ought to have control over
> which things they compile. If you can turn plperl and plperlu off
> together, and you can, then why shouldn't you be able to turn them on
> and off separately? I can't think of a good reason why we shouldn't
> make that possible if people want it, and evidently at least one
> person does: you. I'm even willing to assume that you represent the
> interests of some larger group of people. :-)

I always thought if pg_proc is able to call an arbitrary function in an
arbitrary library, it could access the file system, and if that is
true, locking the super-user from file system access seems impossible
and unwise to try because it would give a false sense of security.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Indecision is a decision.  Inaction is an action.  Mark Batterson



