From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
---|---|
To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Andreas Pflug" <pgadmin(at)pse-consulting(dot)de> |
Cc: | "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>, "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>, "PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: For review: Server instrumentation patch |
Date: | 2005-07-24 19:10:10 |
Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE094609@algol.sollentuna.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> > Because I wanted the standard platform behaviour of both.
> For backend
> > storage subsystem purposes, it's certainly necessary to emulate *ix
> > behaviour of deleting a file in use, but for generic file
> access IMHO
> > the generic behaviour should be exposed.
>
> I'm going to repeat my firm opposition to this patch. Under
> the innocuous-sounding banner of "server instrumentation",
> you are once again trying to put in generic file access
> capabilities that will allow remote Postgres superusers full
> access to the server filesystem.
>
> The potential security risks of this are obvious to anyone.
> The only justification that has been offered is "this will
> make remote administration easier". Well, yeah, but it will
> make remote breakins easier too. Valuing ease of use over
> security is the philosophy that got Microsoft into the mess
> they're in now --- do we want to follow that precedent?
How is this different from the fact that the superuser can already use
COPY to accomplish the same thing? Sure, you have to go through a
temporary table but if you're superuser that is not exactly a problem.
You can read/write any file the service account has permissions on.
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Simon Riggs | 2005-07-24 19:55:09 | Re: A Guide to Constraint Exclusion (Partitioning) |
Previous Message | Greg Stark | 2005-07-24 19:00:23 | Re: A Guide to Constraint Exclusion (Partitioning) |