Re: For review: Server instrumentation patch

From: "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Magnus Hagander" <mha(at)sollentuna(dot)net>
Cc: "Andrew Dunstan" <andrew(at)dunslane(dot)net>, "Andreas Pflug" <pgadmin(at)pse-consulting(dot)de>, "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>, "PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: For review: Server instrumentation patch
Date: 2005-07-25 19:41:53
Message-ID: E7F85A1B5FF8D44C8A1AF6885BC9A0E4AC94DC@ratbert.vale-housing.co.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> -----Original Message-----
> From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
> Sent: 25 July 2005 15:18
> To: Magnus Hagander
> Cc: Andrew Dunstan; Andreas Pflug; Bruce Momjian; Dave Page;
> PostgreSQL-development
> Subject: Re: [HACKERS] For review: Server instrumentation patch
>
> > Or what about a parameter to restrict both COPY and the utility
> > functions to certain subdirs only? (BTW, I was under the
> impression that
> > the admin functions were restricted to the pgdata directory
> already, but
> > I could be wrong - I don't have the latest version of the
> patch around)

It does. Prior to feature freeze, that was the *only* concern raised
with the patch, despite significant discssion.

> We've gone back and forth on that with respect to the proposed admin
> functions, and I forget which way the current patch is. But
> it doesn't
> do much to stop the privilege escalation risk: if you can
> write into any
> of the same directories you can LOAD from, the risk exists. (And
> detecting whether two paths overlap is very hard in general,
> considering
> directory symlinks, AFS mounts, etc, so we probably couldn't hope to
> forbid LOADing from any writable directory.)

I'm not going to repeat all the other arguments here because they've
been put forward perfectly well by others, but I feel I must point out
my dismay at what seems like a complete disregard for non-core
applications that has been expressed to me off-list by a number of
people. This patch has been discussed on and off since before 8.0 was
released, and some time prior to feature freeze I took over the task of
trying to get it accepted from Andreas so he could continue with other
work. The patch was discussed in great depth again (prior to feature
freeze) and none of these concerns were raised. Had they been, we might
have worked to find an alternative solution to the problem to allow
PostgreSQL to boast simple features offered by every other modern DBMS
I've used. Instead, because we are so far past feature freeze, there is
no chance that an altenative solution will be accepted.

The common belief in the messages I've received seems to be that users
that prefer to use a GUI are simply not welcome. True or not (and I do
hope that is not the case), it's a great shame that it seems that
PostgreSQL will remain configurable only from the command line - as one
well respected member of the community wrote to me:

"I hope no other open source DBMS guys are following this thead. They
must be ROFL seeing how Core is trying to prevent remote
administrability."

Regards, Dave.

Browse pgsql-hackers by date

  From Date Subject
Next Message Jim C. Nasby 2005-07-25 20:34:18 Re: [HACKERS] Enticing interns to PostgreSQL
Previous Message Larry Rosenman 2005-07-25 19:13:52 Re: regression failure on latest CVS