| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Magnus Hagander <mha(at)sollentuna(dot)net> |
| Cc: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>, eric(dot)leguillier(at)mpsa(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: R?f. : RE: Running PostGre on DVD |
| Date: | 2005-11-15 21:26:33 |
| Message-ID: | 20051115212633.GP7519@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Nov 15, 2005 at 10:15:01PM +0100, Magnus Hagander wrote:
> > Ah, now we are making progress. If there was a way to give up
> > file access permissions so you could no longer write files
> > to, say, the Windows System directory, this would go a long
> > way to solving the issue. Currently, if the Postmaster runs
> > as admin, anyone with access to the database could use COPY
> > to read and write any file the backend can access.
>
> Getting rid of the admin and powerusers group should do that, I think.
Look at pgwin32_is_admin(), it just checks if the user is member of one
of those two groups. I think we have your solution right here...
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2005-11-15 21:29:34 | Re: R?f. : RE: Running PostGre on DVD |
| Previous Message | Magnus Hagander | 2005-11-15 21:15:01 | Re: R?f. : RE: Running PostGre on DVD |