| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Martín Marqués <martin(dot)marques(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2024-01-30 21:58:56 |
| Message-ID: | CABUevEyYsuFUDUFW9=M4w3EbsxY9xfKXAxPPWRER9KRr0mEb1A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jan 30, 2024 at 10:48 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> > There's nothing wrong with that exactly, but what does it gain us over
> > my proposal of a sentinel file?
>
> I was imagining using selinux and/or sepgsql to directly prevent
> writing postgresql.auto.conf from the Postgres account. Combine that
> with a non-Postgres-owned postgresql.conf (already supported) and you
> have something that seems actually bulletproof, rather than a hint.
> Admittedly, using that approach requires knowing something about a
> non-Postgres security mechanism.
Wouldn't a simple "chattr +i postgresql.auto.conf" work?
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2024-01-30 22:18:49 | Re: 003_extrafiles.pl test fails on Windows with the newer Perl versions |
| Previous Message | Andres Freund | 2024-01-30 21:58:12 | Re: Fix some ubsan/asan related issues |