Re: "Bug" report - Serious (local shell)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Diego Linke - GAMK <linke(at)calnet(dot)com(dot)br>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: "Bug" report - Serious (local shell)
Date: 2003-08-14 19:22:43
Message-ID: 6915.1060888963@sss.pgh.pa.us
Lists: pgsql-bugs

Diego Linke - GAMK <linke(at)calnet(dot)com(dot)br> writes:
> The problem is that postgresql when calls a function in external C,
> calls with user of the postgres.

The ability to create C functions is reserved to superusers, for exactly
this reason. If you have the rights to make the backend execute
arbitrary C code, you hardly need a shell to do something nasty.

In short, this is not a bug. Don't give superuser privileges to people
you cannot trust.

regards, tom lane
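
An audit for the trust boundary described in the reply above, added here as an example; it is not part of the original message or of the PostgreSQL project's own code. It assumes PostgreSQL 8.1 or later, where the `pg_roles` view exists, and the column aliases are illustrative.

```sql
-- Added example: review who can load C code into the backend and what
-- untrusted-language code is already installed.

-- 1. Roles holding superuser rights. Any of these can create C functions,
--    so each one is effectively trusted with the server's OS account.
SELECT rolname
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;

-- 2. Functions defined in untrusted languages (C and untrusted procedural
--    languages), with their owner and, for C, the shared library loaded.
--    'internal' is excluded because those are the server's built-ins;
--    pg_catalog is excluded to keep the list to locally installed code.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       l.lanname AS language_name,
       r.rolname AS owner_name,
       p.probin  AS library_path
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE NOT l.lanpltrusted
  AND l.lanname <> 'internal'
  AND n.nspname <> 'pg_catalog'
ORDER BY l.lanname, n.nspname, p.proname;
```

Rows from the second query that come from extensions you installed deliberately are expected; entries with an unfamiliar owner or library path are the ones to investigate.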
