Re: logfile subprocess and Fancy File Functions
From | Bruce Momjian |
---|---|
Subject | Re: logfile subprocess and Fancy File Functions |
Date | |
Msg-id | 200407232206.i6NM67R10853@candle.pha.pa.us |
In response to | Re: logfile subprocess and Fancy File Functions (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: logfile subprocess and Fancy File Functions |
List | pgsql-patches |

Tom Lane wrote:
> Stephan Szabo <sszabo@megazone.bigpanda.com> writes:
> > On Fri, 23 Jul 2004, Andreas Pflug wrote:
> >> What I'd like is
> >>
> >> SELECT pg_file_unlink('postgresql.conf.bak');
> >> SELECT pg_file_write('postgresql.conf.tmp', 'listen_addresses=...');
> >> SELECT pg_file_rename('postgresql.conf.tmp', 'postgresql.conf',
> >> 'postgresql.conf.bak');
> >> SELECT pg_reload_conf();
>
> > I personally don't think the above is the correct approach to allowing
> > configuration editing from remote.
>
> I'm pretty much against allowing configuration editing from remote
> altogether. It would raise the stakes tremendously in terms of what
> an attacker can do once they've acquired a connection with superuser
> rights. Remember that the above could be applied to pg_hba.conf,
> pg_ident.conf, etc just as well as postgresql.conf. Not to mention
> $HOME/.profile and other things the postgres user may own.

Why can't they just use COPY to replace the contents of pg_hba.conf now?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073