| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "Martijn van Oosterhout" <kleptog(at)svana(dot)org> |
| Cc: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, "Stephan Szabo" <sszabo(at)megazone(dot)bigpanda(dot)com>, <eric(dot)leguillier(at)mpsa(dot)com>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: R?f. : RE: Running PostGre on DVD |
| Date: | 2005-11-15 21:29:34 |
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE92E86A@algol.sollentuna.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > > Ah, now we are making progress. If there was a way to
> give up file
> > > access permissions so you could no longer write files to,
> say, the
> > > Windows System directory, this would go a long way to solving the
> > > issue. Currently, if the Postmaster runs as admin, anyone with
> > > access to the database could use COPY to read and write
> any file the
> > > backend can access.
> >
> > Getting rid of the admin and powerusers group should do
> that, I think.
>
> Look at pgwin32_is_admin(), it just checks if the user is
> member of one of those two groups. I think we have your
> solution right here...
Oh, I know - I wrote it :-)
You still lose in the nested group scenario.
And whlie a privilege like backup/restore can be used to overwrite any
file on the system, you must be able to execute arbitrary API calls to
do that. Whereas with admin/powerusers you can just use COPY or
whatever.
Bottom line is that pgwin32_is_admin() is far from perfect, it just
catches the most common scenarios.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2005-11-15 21:51:28 | Re: R?f. : RE: Running PostGre on DVD |
| Previous Message | Martijn van Oosterhout | 2005-11-15 21:26:33 | Re: R?f. : RE: Running PostGre on DVD |