Re: R?f. : RE: Running PostGre on DVD

From: "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
To: Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>
Cc: eric(dot)leguillier(at)mpsa(dot)com, Magnus Hagander <mha(at)sollentuna(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: R?f. : RE: Running PostGre on DVD
Date: 2005-11-15 16:20:06
Message-ID: 20051115162006.GG18570@pervasive.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Nov 15, 2005 at 08:10:40AM -0800, Stephan Szabo wrote:
> On Tue, 15 Nov 2005 eric(dot)leguillier(at)mpsa(dot)com wrote:
>
> > I don't understand why an user can't WILLINGLY (by EXPLICITLY setting an
> > OPTION) allow a privileged administrator to run PostGre.
>
> Well, to start with, it increases the support costs of the product as a
> whole to the community. Adding an option with severe security implications
> is not free, at least not if you want to be reasonably diligent about
> minimizing and documenting the risks. Generally the community tries to
> take that seriously, so IMHO just assuming that anyone who sets it knows
> the risks isn't acceptable.
>
> Why don't we actually start looking at the actual implications and see
> what we can do about them, rather than either assuming they're too great
> or too minimal. Maybe we'll come up with solutions to current problems as
> well.

To expand on that, someone has suggested the use of runas, so it would
be good to see how that works.

The problem here isn't that PostgreSQL refuses to run with admin
privledges, it's that the Windows security model is brain-dead. IF it
can be shown that there is no reasonable way around Windows 'security'
and IF there is enough demand from users then the community might
consider a hack that allows running PostgreSQL from an admin account.
But as it stands right now, neither of those has been shown.

So as Stephan suggested, let's try looking at the root problem and see
if there's some way to fix that.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Jim C. Nasby 2005-11-15 16:25:00 Re: Running PostGre on DVD
Previous Message Dave Page 2005-11-15 16:16:54 RE: Réf. : RE: [HACKERS] Running PostGre on DVD