Re: logfile subprocess and Fancy File Functions

Andrew Dunstan wrote:
>
>
> Bruce Momjian wrote:
>
> >As a super-user, could an attacker load a server-side language and
> >access the backend environment variable PGDATA.
> >
> >
>
> plperl won't do it, but plperlu will (as expected I guess). But the
> superuser will have to jump through some explicit hoops in order to get
> there, which is different from providing such facilities out of the box.

I am thinking they could easily use pgtcl.  I don't think the hoops are
very high.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073