| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Gevik Babakhani <pgdev(at)xs4all(dot)nl> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: root/administartor user check option. |
| Date: | 2006-07-25 12:26:28 |
| Message-ID: | 20060725122628.GA18074@surnet.cl |
| Lists: | pgsql-hackers |

Gevik Babakhani wrote:
> > Removing or disabling the test without removing some of the dangerous
> > capabilities would be a major security hole. For example: postgres can
> > deliver to any authenticated user the contents of any text file on the
> > system that the database user can read. Do you want the responsibility
> > of allowing that for any file the administrator can read? No, I thought
> > not. Neither do we.
>
> True. This means that one just cannot "copy over" PG files and run the
> database without creating additional users and services.
>
> Just looking at how much Windows standalone apps are being developed
> which potentially could use an "embedded" or "light" version of PG, I
> still think the option should be considered. Perhaps in a more
> restricted or stripped-down version of PG. (PG Light or something).

Postgres is BSD, so feel free to create an "Insecure Postgres" and
distribute however you like.

Note that pg_ctl contains code to be started as admin and drop the
privileges early. That may be able to satisfy your requirements without
being extremely insecure.

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.