Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a

Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
> On Fri, Aug 19, 2005 at 09:15:52AM -0400, Stephen Frost wrote:
>> Personally, I do like the idea of a user-level 'copy server-side files'
>> permission that could be granted to reduce the need for things to run as
>> superuser.

> There is one important point though: The server copying things is
> seriously restricted. No matter how much authentication you do, the
> server cannot *become* you. Hence it cannot access your files unless
> they are world readable.

And maybe not even then. For instance, on a SELinux system, the
postmaster will probably be forbidden by kernel-enforced security
policies from reading or writing any files outside the /var/lib/pgsql/
tree. (This sort of restriction is used for most network-accessible
daemons in SELinux, so as to limit the system's exposure in case someone
manages to crack into the daemon.) Server-side COPY is essentially
useless even for superusers in such a context.

The correct answer to this whole thread is "get some COPY support in
JDBC". It's unlikely you'll persuade anyone that relaxing the
restrictions on server-side file access is a good idea. The thrust
of recent discussions has been more about tightening 'em, in fact.

regards, tom lane