From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
---|---|
To: | "Martijn van Oosterhout" <kleptog(at)svana(dot)org> |
Cc: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, "Stephan Szabo" <sszabo(at)megazone(dot)bigpanda(dot)com>, <eric(dot)leguillier(at)mpsa(dot)com>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: R?f. : RE: Running PostGre on DVD |
Date: | 2005-11-15 21:29:34 |
Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE92E86A@algol.sollentuna.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> > > Ah, now we are making progress. If there was a way to
> give up file
> > > access permissions so you could no longer write files to,
> say, the
> > > Windows System directory, this would go a long way to solving the
> > > issue. Currently, if the Postmaster runs as admin, anyone with
> > > access to the database could use COPY to read and write
> any file the
> > > backend can access.
> >
> > Getting rid of the admin and powerusers group should do
> that, I think.
>
> Look at pgwin32_is_admin(), it just checks if the user is
> member of one of those two groups. I think we have your
> solution right here...
Oh, I know - I wrote it :-)
You still lose in the nested group scenario.
And whlie a privilege like backup/restore can be used to overwrite any
file on the system, you must be able to execute arbitrary API calls to
do that. Whereas with admin/powerusers you can just use COPY or
whatever.
Bottom line is that pgwin32_is_admin() is far from perfect, it just
catches the most common scenarios.
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Martijn van Oosterhout | 2005-11-15 21:51:28 | Re: R?f. : RE: Running PostGre on DVD |
Previous Message | Martijn van Oosterhout | 2005-11-15 21:26:33 | Re: R?f. : RE: Running PostGre on DVD |