| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de>, Hannu Krosing <hannuk(at)google(dot)com> |
| Cc: | Jeff Davis <pgsql(at)j-davis(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Pang <robertpang(at)google(dot)com> |
| Subject: | Re: Hardening PostgreSQL via (optional) ban on local file system access |
| Date: | 2022-06-29 06:51:10 |
| Message-ID: | 2c3408a04a94f482247a8e646f5778d7b92a4923.camel@cybertec.at |
| Lists: | pgsql-hackers |

On Tue, 2022-06-28 at 16:27 -0700, Andres Freund wrote:
> > Experience shows that 99% of the time one can run PostgreSQL just fine
> > without a superuser
>
> IME that's not at all true. It might not be needed interactively, but that's
> not all the same as not being needed at all.

I also disagree with that. Not having a superuser is one of the pain
points with using a hosted database: no untrusted procedural languages,
no untrusted extensions (unless someone hacked up PostgreSQL or provided
a workaround akin to a SECURITY DEFINER function), etc.

Yours,
Laurenz Albe