| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Fujii Masao <masao(dot)fujii(at)oss(dot)nttdata(dot)com> |
| Cc: | Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Identifying user-created objects |
| Date: | 2020-03-05 05:23:20 |
| Message-ID: | 20200305052320.GS2593@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Mar 04, 2020 at 06:57:00PM +0900, Fujii Masao wrote:
> Yes. But I'm sure that DBA has already considered the measures
> againt such threads. Otherwise malicious users can do anything
> more malicious rather than changing oid.
A superuser is by definition able to do anything on the system using
the rights of the OS user running the Postgres backend. One thing for
example is to take a base backup of the full instance, but you can do
much more interesting things once you have such rights. So I don't
quite get the line of arguments used on this thread regarding the
relation with somebody being malicious with superuser rights, and the
arguments about a superuser able to manipulate freely the catalog's
contents.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2020-03-05 06:21:49 | Re: Identifying user-created objects |
| Previous Message | Michael Paquier | 2020-03-05 05:13:26 | Re: Cast to uint16 in pg_checksum_page() |