From: | Karel Zak <zakkr(at)zf(dot)jcu(dot)cz> |
---|---|
To: | Klaus Reger <K(dot)Reger(at)twc(dot)de> |
Cc: | tgl(at)sss(dot)pgh(dot)pa(dot)us, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: import/export of large objects on server-side |
Date: | 2001-11-20 08:45:31 |
Message-ID: | 20011120094531.B15164@zf.jcu.cz |
Lists: | pgsql-hackers |
On Fri, Nov 16, 2001 at 05:02:13PM +0100, Klaus Reger wrote:
> > "Klaus Reger" <K(dot)Reger(at)twc(dot)de> writes:
> >> I've made a patch, that introduces an entry in the PostgreSQL-config
> >> file. You can set a directory, where all imports/exports can happen.
> >> If nothing is set (the default), no imports/exports on the server-side
> >> are allowed. To enhance the security, no reading/writing is allowed
> >> from/to non-regular files (block-devs, symlinks, etc.)
> >
> > This is trivially defeatable, assuming that the "import/export"
> > directory is world writable (if it isn't, importing will be tough).
>
> ...
> > While you could patch around these particular attacks by further
> > restricting the filenames, the bottom line is that server-side LO
> > operations are just inherently insecure.
> >
> > regards, tom lane
>
> Ok, you're right, but is it acceptable, to configure this, using the
> configfile, rather than with a compile-option?

You can always use client-side LO operations without this restriction.
IMHO server-side LO operations are a needless and a little dirty feature.
Maybe add support for LO operations to our privilege system too. But
our current privilege system is very inflexible for changes...

Karel
--
Karel Zak <zakkr(at)zf(dot)jcu(dot)cz>
http://home.zf.jcu.cz/~zakkr/
C, PostgreSQL, PHP, WWW, http://docs.linux.cz, http://mape.jcu.cz