Re: Updated instrumentation patch

Tom Lane wrote:
> "Magnus Hagander" <mha@sollentuna.net> writes:
> > Per recent discussion, here is yet another updated version of the
> > instrumentation patch. Changes:
>
> > * Added guc option "disable_remote_admin", that disables any write
> > operations (write, unlink, rename) even for the superuser. Set as
> > PGC_POSTMASTER so it cannot be changed remotely.
>
> I was envisioning it as disabling all filesystem access --- read as well
> as write.  Essentially the abstract concept I want is that with this on,
> even a superuser cannot use Postgres to get at the underlying operating
> system.  A name like "enable_filesystem_access" would probably be more
> appropriate.
>
> Also, as I already said, marking it as PGC_POSTMASTER is simply not
> adequate security.  Once we have some sort of remote admin feature,
> I would expect it to support adjustment of even postmaster-level options
> (this would mean forcing a database restart of course) --- you can
> hardly say that you have a complete remote admin solution if you can't
> change shared_buffers or max_connections.

How does this affect COPY?  Is it not important because COPY can not
write a null byte?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073