Re: pgaudit - an auditing extension for PostgreSQL

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com>
Cc: Neil Tiffin <neilt(at)neiltiffin(dot)com>, Yeb Havinga <yebhavinga(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, MauMau <maumau307(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com>
Subject: Re: pgaudit - an auditing extension for PostgreSQL
Date: 2015-02-17 18:50:59
Message-ID: 20150217185059.GX6717@tamriel.snowman.net
Lists: pgsql-hackers

Jim,

* Jim Nasby (Jim(dot)Nasby(at)BlueTreble(dot)com) wrote:
> We may need to bite the bullet and allow changing the user that the
> postgres process runs under so it doesn't match who owns the files.
> Maybe there's a way to allow that other than having the process
> start as root.

That's an interesting thought but it doesn't seem too likely to work out
for us. The process still has to be able to read and write the files,
create new files in the PGDATA directories, etc.

> Or maybe there's some other way we could restrict what a DB
> superuser can do in the shell.

This could be done with SELinux and similar tools, but at the end of the
day the answer, in my view really, is to have fewer superusers and for
those superusers to be understood to have OS-level shell access. We
don't want to deal with all of the security implications of trying to
provide a "trusted" superuser when that user can create functions in
untrusted languages, modify the catalog directly, etc.; it really just
doesn't make sense.

Thanks,

Stephen
