Re: For review: Server instrumentation patch

"Magnus Hagander" <mha@sollentuna.net> writes:
>>> If you want to secure your system against a superuser()-level 
>>> intrusion then you need to secure the unix account, or disable 
>>> creation of C-language and other untrusted languages (at least).
>> 
>> Very likely --- which is why Magnus' idea of an explicit 
>> switch to prevent superuser filesystem access seems 
>> attractive to me.  It'd have to turn off LOAD and creation of 
>> new C functions as well as COPY and the other stuff we discussed.

> So would a patch to do this be accepted for 8.1 even though we are past
> feature freeze?

Given that we don't even have a design for it, I think it's a bit late
for 8.1 :-(.

Both Bruce and I have way more on our plates than we could wish, and the
other committers aren't getting a lot done, so the originally hoped-for
beta date of 1 Aug is looking completely out of reach.  So adding yet
more stuff to the queue isn't going to get looked upon with great favor.

> And finally, with something like that in place, would you be fine with
> the file editing functions as they stand (limiting them to the pg
> directories, as I believe it does)?

I'm OK with them even without the directory limitation as long as
there's a way to disable them.  However, I fear the whole thing has to
wait for 8.2 at this point.
        regards, tom lane