| From: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | josh(at)agliodbs(dot)com, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Subject: | Re: Server instrumentation for 8.1 |
| Date: | 2005-05-12 08:37:07 |
| Message-ID: | 428315B3.8000807@pse-consulting.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Josh Berkus <josh(at)agliodbs(dot)com> writes:
>
>>>- The superuser only generic file functions in the admin package have
>>>been posted for 8.0, but where (more or less ) silently dropped. These
>>>functions allow pgadmin to display the server logs, as well as editing
>>>pg_hba.conf and postgresql.conf without console access to
>>>whatever-pgsql-is-running-on. I'd like to see this at least as contrib
>>>module (the functions are probably safer than pl_sh).
>
>
>>Heck, I didn't even see these. I was going to write some in pgperl for my own
>>use. These seem potentially very dangerous though, so we wouldn't want them
>>installed by default.
>
>
> My recollection is that they weren't "silently dropped", they were
> explicitly rejected after much discussion because of security worries
These functions were thoroughly discussed between Bruce, you and me, and
I fixed all issues that came up until a point where Bruce would agree
the functions to be reasonably safe. But it condensed down to something
like "Tom doesn't like it" at the end. The functions are not only
superuser only, but also restricted to the db cluster directory, making
them no more dangerous than "drop table pg_class".
Regards,
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Russell Smith | 2005-05-12 08:44:34 | Re: New Contrib Build? |
| Previous Message | Andreas Pflug | 2005-05-12 08:33:47 | Re: Server instrumentation for 8.1 |