From: | Chris Travers <chris(dot)travers(at)gmail(dot)com> |
---|---|
To: | Craig Ringer <ringerc(at)ringerc(dot)id(dot)au> |
Cc: | John R Pierce <pierce(at)hogranch(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: How to create c language in postgresql database. Thanks. |
Date: | 2012-06-13 07:28:30 |
Message-ID: | CAKt_ZfsX3kCg+p5X6Wy13UsRe_Rw=oH4dT9_UX8TqQeh0dXMjg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Wed, Jun 13, 2012 at 12:19 AM, Craig Ringer <ringerc(at)ringerc(dot)id(dot)au> wrote:
> On 06/13/2012 12:45 PM, Chris Travers wrote:
>>
>> On Tue, Jun 12, 2012 at 11:47 AM, John R Pierce <pierce(at)hogranch(dot)com>
>> wrote:
>>>
>>> On 06/12/12 11:25 AM, leaf_yxj wrote:
>>>>
>>>> Thanks. You guys are right. I check the database. The C programm is
>>>> there.
>>>> ----- but why our application team keep ask me to give them the
>>>> superuser
>>>> privileges to create the C function. Should they use the superuser to
>>>> create
>>>> the C function. if yes , why they need it?
>>>
>>>
>>> yes, only a sql superuser can define a C function, as these have total
>>> access to crashing postgres's innards.
>>>
>> Not just the innards, but the file system (could be used to overwrite
>> data files), arbitrary system commands, etc......
>
> Hopefully not arbitrary system commands, in that I really hope nobody's nuts
> enough to run PostgreSQL as root or with write access to its own binaries.
> The data files are fair game, though, and replacement/modification of
> commands is probably possible in weaker installations.
Maybe not as arbitrary as it would as root, but at least arbitrary in
the sense of "able to do or access anything that the system will let
the Postgres process access." That means all binaries an ordinary
user can access and all system calls that don't require root unless
you lock things down using something like SELinux.....
Best Wishes,
Chris Travers
From | Date | Subject | |
---|---|---|---|
Next Message | Thomas Kellerer | 2012-06-13 07:28:59 | Re: Create view is not accepting the parameter in postgres functions |
Previous Message | Craig Ringer | 2012-06-13 07:19:42 | Re: How to create c language in postgresql database. Thanks. |