| From: | Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_execute_from_file, patch v10 |
| Date: | 2010-12-14 03:21:56 |
| Message-ID: | AANLkTimzLO7_zVPQSDDh2ku_KWX4SP7udenM2pt_NK=p@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Dec 14, 2010 at 12:02, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Mon, Dec 13, 2010 at 9:41 PM, Itagaki Takahiro
>> So, the most important part of this patch is allowing to read any
>> files in the server file system. The current pg_read_file() allows
>> to read only files under $PGDATA and pg_log.
>
> As Tom says, this is clearly not going to fly on security grounds.
If it's a security hole, lo_import() should be also a hole
because we can use lo_import() and SELECT * FROM pg_largeobject
for the same purpose...
> I don't have any problem with a separate patch to try to improve some
> of these issues, but this is supposedly part of the extensions work,
> yet (1) most of what's here has little to do with extensions and (2)
> extensions don't need this stuff exposed at the SQL level anyway. I'm
> inclined to mark this patch as Returned with Feedback.
If so, I'm not sure why we need to split the EXTENSION patch into sub pieces.
In my understanding, we did it because the sub pieces are also useful in
standalone. The requirement for the pieces was changed and extended in
discussions, but I hope the change will not be the reason to reject the patch.
--
Itagaki Takahiro
| From | Date | Subject | |
|---|---|---|---|
| Next Message | KaiGai Kohei | 2010-12-14 03:28:18 | Re: rest of works for security providers in v9.1 |
| Previous Message | Robert Haas | 2010-12-14 03:19:21 | Re: hstores in pl/python |