| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Providing catalog view to pg_hba.conf file - Patch submission |
| Date: | 2015-02-28 01:40:18 |
| Message-ID: | 29710.1425087618@sss.pgh.pa.us |
| Lists: | pgsql-hackers |

Stephen Frost <sfrost(at)snowman(dot)net> writes:

> I understand that there may be objections to that on the basis that it's
> work that's (other than for this case) basically useless,

Got it in one.

I'm also not terribly happy about leaving security-relevant data sitting
around in backend memory 100% of the time. We have had bugs that exposed
backend memory contents for reading without also granting the ability to
execute arbitrary code, so I think doing this does represent a
quantifiable decrease in the security of pg_hba.conf.

regards, tom lane