Re: lo_<commands> and SU privs

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Bell John <jbelllinux(at)yahoo(dot)com>
Cc: <pgsql-general(at)postgresql(dot)org>
Subject: Re: lo_<commands> and SU privs
Date: 2001-10-15 19:30:42
Message-ID: Pine.LNX.4.30.0110152105240.631-100000@peter.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Bell John writes:

> You must have Postgres superuser privilege to use
> server-side lo_import. Anyone can use the client-side
> lo_import provided by libpq.
>
> Is there any way to disable this behaviour

No.

> or to give a user the priviliges that are being looked for?

I believe it said something about superuser, no? ;-)

> This effectively cripples the vast majority of programmatic interfaces
> to PostgreSQL ie. all those that are more than wrappers around libpq.

I think you might have a misunderstanding what is going on here. You are
trying to use the server-side lo_import() function, which reads from the
server's file system. That is a) a security hole, and b) mostly useless.
What you want is the lo_import function libpq or the equivalent in the
other interfaces. If the interface in question doesn't have it, then
perhaps the interface should be fixed, but that is hard to judge without
knowing the details.

--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Peter Eisentraut 2001-10-15 19:31:14 Re: Postmaster re-start problem
Previous Message Peter Eisentraut 2001-10-15 19:29:54 Re: lztext