| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Where to load modules from? |
| Date: | 2013-09-20 12:10:38 |
| Message-ID: | 20130920121038.GC25971@awork2.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2013-09-20 08:06:56 -0400, Robert Haas wrote:
> On Thu, Sep 19, 2013 at 5:54 PM, Andres Freund <andres(at)2ndquadrant(dot)com> wrote:
> > Because I want to specify multiple paths. E.g. one with modules for a
> > specific postgres version, one for the cluster and one for my
> > development directory.
> > Now we could recursively search a directory that contains symlinks to
> > directories, but that seems ugly.
> I see. My main hesitation is around security. I feel somehow that
> changing a GUC to trojan the system would be easier for a remote user
> to accomplish than having to replace a directory with a symlink.
If they can change a PGC_POSTMASTER GUC, they already can easily enough
do:
shared_preload_libraries='/path/to/my/bad/so.so'
that's already allowed.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2013-09-20 12:21:47 | Re: Where to load modules from? |
| Previous Message | Robert Haas | 2013-09-20 12:06:56 | Re: Where to load modules from? |