| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr> |
| Cc: | Andres Freund <andres(at)2ndquadrant(dot)com>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Dumping an Extension's Script |
| Date: | 2012-12-05 21:20:41 |
| Message-ID: | 12952.1354742441@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr> writes:
>> On 2012-12-05 13:18:16 -0500, Tom Lane wrote:
>>> I think you're wasting your time to imagine that that case will ever be
>>> "fixed". Allowing the server to scribble on executable files would set
>>> off all kinds of security alarm bells, and rightly so. If Postgres ever
>>> did ship with such a thing, I rather imagine that I'd be required to
>>> patch it out of Red Hat releases (not that SELinux wouldn't prevent
>>> it from happening anyway).
> That part I did understand. I still can't be happy about it, but I won't
> get back with any proposal where that's put into questions. That said,
> while you're talking about it, what if it's an opt-in GUC?
GUC or no GUC, it'd still be letting an unprivileged network-exposed
application (PG) do something that's against any sane system-level
security policy. Lipstick is not gonna help this pig.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stefan Kaltenbrunner | 2012-12-05 21:28:06 | strange isolation test buildfarm failure on guaibasaurus |
| Previous Message | Tom Lane | 2012-12-05 21:15:38 | Re: PITR potentially broken in 9.2 |